Senior Application Security Engineer

We invite a Senior Application Security Engineer to join our team remotely at BrainRocket, an international software development and digital solutions company with 1,300 professionals across Cyprus, Poland, Portugal and Serbia. Here, everything moves at rocket speed : driving innovation, pioneering projects, and fast-tracking careers. We turn ideas into action—let’s get started!

Join to apply for the Senior Application Security Engineer role at BrainRocket.

• Demonstrate the ability to collaborate with other teams to achieve complex objectives.
• Design security architecture from cloud infrastructure to application using secure by design principles.
• Collaborate with product managers, architects, and developers on the security controls platform ecosystem and products.
• Prove security implementations within infrastructure, application deployment manifests, and CI / CD pipelines.
• Define required policies, controls, and capabilities for protecting products and environments.
• Build and validate declarative threat models automation.
• Participate in engineering teams’ product planning cycles and committees.
• Oversee product security aspects for migration of products and services from data centers to public cloud (e.g., AWS).
• Serve as a trusted cybersecurity advisor to product and application teams.

• Minimum of 3 years experience as an Application Security Engineer.
• Experience integrating security scanning / tooling into development pipelines.
• Experience with CI / CD pipelines (e.g., GitLab, Jenkins) and infrastructure-as-code models (e.g., Terraform, Helm, CloudFormation).
• Strong understanding of supply chain security, software integrity, and secure software delivery.
• Experience with Docker and mesh technologies (e.g., Istio).
• Experience with architecture and security reviews, threat modeling, and application risk is highly desired.
• Experience working with Agile methodologies.
• Knowledge of privacy laws and regulations (e.g., GDPR) desired.
• F familiar with industry regulations, frameworks and practices (e.g., PCI, ISO 27001, NIST).
• In-depth experience architecting secure services on Kubernetes.
• Extensive experience architecting secure services on AWS or on-prem data centers.
• Security-related professional certifications (e.g., CISSP, CISM, CCSK, CCSP, CEH) highly desirable.

• Learning and development opportunities and interesting, challenging tasks.
• Opportunity to develop language skills, with partial compensation for English classes (localization).
• Time for proper rest, with 20 working days of annual vacation and additional paid sick days.
• Competitive remuneration level with annual review.
• Bold moves start here. Make yours. Apply today!

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Industries — Gambling Facilities and Casinos, Financial Services, and Computer Games