Security Engineer - AppSec

Our client is a global leader in enterprise orchestration, helping over 400,000 businesses worldwide streamline their operations with its AI-powered platform. They are looking for a highly accomplished Security Engineer - AppSec. This is a full-time, permanent, remote position ideally based in Spain, Portugal, or Bulgaria.

• Bachelor's degree in Computer Science, Cybersecurity, or a related technical field.
• 4+ years in cybersecurity or software engineering, with at least 2 years focused on application or product securityli>
• Strong understanding of software development processes and ability to speak the language of engineers.
• Proficiency in one or more programming and scripting languages (e.g., Ruby, Java, Python, JavaScript, Bash).
• Hands‑on experience with vulnerability scanners and security testing tools.
• Strong knowledge of threat modeling and security architecture reviews.
• AI/ML security experience, including risk assessment and prevention guidelines.

• Master's degree in a relevant field
• Prior experience as an application or product security engineer in a SaaS or cloud‑native environment
• Advanced certifications (CISSP, OSCP, GPEN, GCIH, GIAC)
• Experience with DevSecOps and security automation
• Network security and encryption standards expertise
• Incident management and response experience
• AWS Security Specialty certification or equivalent cloud security certification
• Expertise in AWS security services (EKS, IAM, KMS, GuardDuty, CloudTrail)

• Secure SDLC Integration: Embed with engineering teams to ensure security is part of every phase of the development lifecycle, from design to deployment.
• Threat Modeling & Design Reviews: Conduct early‑stage threat modeling and participate in architectural and design reviews to identify and mitigate risks proactively.
• Security Enablement: Act as a security champion within product teams by providing training, building security knowledge, and driving adoption of secure coding practices.
• Code & Pipeline Reviews: Perform code reviews with a security lens and provide guidance on CI/CD pipeline security.
• Vulnerability Discovery & Triage: Identify and prioritize vulnerabilities using static/dynamic analysis and manual review, and work with developers on remediation strategies.
• Security Tooling & Automation: Collaborate with the broader ProdSec and DevOps teams to improve tooling and automate security feedback loops.
• Cross‑Functional Collaboration: Partner with Product, SecOps, and Platform teams to align security with product goals and agile workflows.
• Security Advocacy: Help scale security awareness through documentation, workshops, and informal coaching embedded in daily engineering practice.

Security Automation: Design and implement automated security tools and processes to improve detection, response, and compliance efficiency. This role offers the opportunity to secure mission‑critical systems deployed globally while working with cutting‑edge AI and cloud technologies. If you're looking to make a significant impact on enterprise security, this could be perfect for you.