CrawlJobs Logo

Application Security / Product Security Engineer

European Union · Job Posted May 16, 2026
Apply Position
Job Link Share

Job Description

We are looking for an Application Security / Product Security Engineer to support and improve security processes across the software development lifecycle (SDLC) and CI/CD environments for our client. In this role, you will work closely with engineering teams to help implement and maintain security controls, improve vulnerability management processes, support compliance initiatives, and strengthen secure development practices across modern software delivery pipelines.

Job Responsibility

  • Support Software Composition Analysis (SCA) processes and open-source license compliance activities
  • Help implement and maintain secret detection practices, including pre-commit hooks and CI/CD secret scanning
  • Participate in vulnerability management activities: vulnerability scanning, triage and prioritization, Jira ticket tracking, remediation follow-up and SLA monitoring
  • Collaborate with engineering teams to improve Secure SDLC and CI/CD security practices
  • Support security tooling integrations within CI/CD pipelines (e.g., GitHub Actions)
  • Maintain security-related documentation and assist with audit/compliance activities
  • Contribute to asset inventory and security governance processes
  • Work with development and infrastructure teams to improve overall security posture

Requirements

  • 2–5 years of experience in Application Security, Product Security, DevSecOps, Security Operations, or related cybersecurity roles
  • General understanding of Secure SDLC and application security principles
  • Experience working with security tools or processes related to vulnerability management, CI/CD security, or dependency/security scanning
  • Familiarity with Jira or similar ticketing/tracking systems
  • Understanding of common application security risks and vulnerabilities
  • Ability to document processes and communicate effectively with technical teams
  • English skills sufficient for technical communication and participation in project discussions

Nice to have

  • Hands-on experience with SCA tools such as FOSSA, Snyk, Mend, Black Duck, or similar
  • Familiarity with open-source license compliance processes
  • Experience with secret detection tools, pre-commit hooks, or CI/CD secret scanning
  • Experience integrating security controls into GitHub Actions or other CI/CD platforms
  • Familiarity with vulnerability remediation workflows and SLA tracking
  • Experience with asset inventory tools such as NetBox
  • Experience supporting audits or compliance initiatives (ISO 27001, SOC 2, etc.)
  • Familiarity with SAST, DAST, container scanning, or cloud security tooling
  • Experience working in cloud-native or Kubernetes environments

What we offer

  • Projects for such clients as PayPal, Wargaming, Xerox, Philips, Adidas and Toyota
  • Competitive compensation that depends on your qualification and skills
  • Career development system with clear skill qualifications
  • Flexible working hours aligned to your schedule
  • Options to work remotely
  • Corporate medical insurance covering services of private and public medical centers
  • English courses online
  • Corporate parties and events for employees and their children
  • Internal conferences, workshops and meetups for learning and experience sharing
  • Gym membership compensation
  • 5 days of paid sick leave per year with no obligation to submit a sick-leave certificate

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Application Security / Product Security Engineer

8 matching positions

Senior Application Security / Product Security Engineer

We are seeking an experienced Application Security / Product Security Engineer t...
Location
Location
India , Mumbai
Salary
Salary:
Not provided
Galaxy Office Automation Pvt. Ltd.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong understanding of Application Security and Product Security principles
  • Experience with secure SDLC practices
  • Hands-on experience performing security testing for Web applications, APIs, Mobile apps, Thick client applications
  • Knowledge of cloud platforms (AWS / Azure / GCP) and cloud security architecture
  • Experience performing security design reviews and threat modeling
  • Familiarity with OWASP Top 10, API Security Top 10, and common vulnerability classes
  • Experience using security tools such as SAST, DAST, SCA
  • API testing tools
  • Good working knowledge of Excel for tracking vulnerabilities, metrics, and reporting
  • Strong task management and stakeholder coordination skills
Job Responsibility
Job Responsibility
  • Integrate security practices into the Software Development Lifecycle (SDLC)
  • Perform application security design reviews for new and existing products
  • Conduct manual and automated security testing of Web applications, REST / GraphQL APIs, Mobile applications (Android / iOS), Thick client / desktop applications
  • Identify vulnerabilities such as OWASP Top 10, authentication issues, authorization flaws, and API security risks
  • Review cloud architecture and deployments (AWS, Azure, GCP) for security best practices
  • Work with development teams to prioritize and remediate vulnerabilities
  • Perform threat modeling and security architecture assessments
  • Track vulnerabilities, remediation status, and risk metrics using Excel or vulnerability management tools
  • Support secure coding practices and developer security awareness
  • Manage multiple security assessments and coordinate tasks across teams
  • Fulltime
Read More
Arrow Right

Security Engineer, Product Security

We are seeking a highly technical Security Engineer to join our Product Security...
Location
Location
United States , New York, NY; San Francisco, CA; Seattle, WA; Washington, DC
Salary
Salary:
237600.00 - 297000.00 USD / Year
scale.com Logo
Scale
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrated ability to drive multi-month security initiatives independently, from problem definition through execution, without requiring significant direction
  • Proven experience as a Security Engineer with a focus on product security
  • Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes
  • Strong understanding of modern Javascript application design
  • Production experience operating and securing AWS infrastructure at scale
  • Hands-on experience with SAST and DAST tools and methodologies
  • Familiarity with terraform orchestration for infrastructure management
  • You can structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input
  • Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders
  • Demonstrated ability to influence security strategies and drive improvements within a team
Job Responsibility
Job Responsibility
  • Leverage broad product security expertise to build and maintain software tooling that secures every layer of the modern AI/ML software ecosystem
  • Conduct in-depth code reviews to identify and remediate security vulnerabilities
  • Evaluate and enhance the security of our product offerings, through RFC and service review
  • Implement and maintain CI/CD pipelines with a strong focus on security
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code
  • Utilize terraform orchestration to ensure secure and efficient infrastructure management
  • Guide engineering teams to build robust long-term solutions that consider security and privacy
  • Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact
  • Influence the security strategy and direction of the team, advocating for best practices and continuous improvement
What we offer
What we offer
  • Comprehensive health, dental and vision coverage
  • retirement benefits
  • learning and development stipend
  • generous PTO
  • commuter stipend
  • Fulltime
Read More
Arrow Right

Security Engineer, Product Security

We are seeking a highly technical Security Engineer to join our Product Security...
Location
Location
United States , San Francisco; Seattle; New York
Salary
Salary:
189200.00 - 236500.00 USD / Year
scale.com Logo
Scale
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven experience as a Security Engineer with a focus on product security
  • Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes
  • Strong understanding of modern Javascript application design
  • Production experience with Kubernetes backed services
  • Hands-on experience with SAST and DAST tools and methodologies
  • Familiarity with terraform orchestration for infrastructure management
  • Ability to structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input
  • Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders
  • Demonstrated ability to influence security strategies and drive improvements within a team
  • Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus
Job Responsibility
Job Responsibility
  • Conduct in-depth code reviews to identify and remediate security vulnerabilities
  • Evaluate and enhance the security of our product offerings, through RFC and service review
  • Implement and maintain CI/CD pipelines with a strong focus on security
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code
  • Utilize terraform orchestration to ensure secure and efficient infrastructure management
  • Guide engineering teams to build robust long-term solutions that consider security and privacy
  • Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact
  • Influence the security strategy and direction of the team, advocating for best practices and continuous improvement
What we offer
What we offer
  • Comprehensive health, dental and vision coverage
  • retirement benefits
  • a learning and development stipend
  • generous PTO
  • additional benefits such as a commuter stipend
  • equity grant
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product Security

At Mozilla, we believe the internet is a global public resource—open and accessi...
Location
Location
Salary
Salary:
Not provided
mozilla.org Logo
Mozilla
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
Job Responsibility
Job Responsibility
  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education
What we offer
What we offer
  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product Security

At Mozilla, we believe the internet is a global public resource—open and accessi...
Location
Location
Salary
Salary:
Not provided
mozilla.org Logo
Mozilla
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
Job Responsibility
Job Responsibility
  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education
What we offer
What we offer
  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
Read More
Arrow Right

Senior Security Engineer, Application Security

Application Security enables 1Password to build and deliver secure products with...
Location
Location
United States; Canada
Salary
Salary:
156000.00 - 210000.00 USD; CAD / Year
https://www.1password.com Logo
1Password
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of career experience in IT or Engineering with a security focus
  • Passion for and strong experience with any of: bug bounty programs, vulnerability research, validation, remediation or pentesting
  • Experience with internal tool development and engineering enablement
  • Strong foundational understanding of software development principles, and are comfortable reading and writing code
  • Work well in a team environment with positive communications amongst a variety of technical and non-technical stakeholders
  • Comfortable owning and setting technical direction for small to medium sized initiatives
  • Adaptable and resilient, thriving in fast-paced environments with shifting priorities
Job Responsibility
Job Responsibility
  • Design, build, integrate and scale new security solutions to power our vulnerability management program
  • Develop and maintain tools that correlate, enrich, and prioritize security vulnerability findings from multiple data sources
  • Develop and maintain comprehensive dashboards and reporting metrics around our vulnerability management program, tailored to different audiences (technical, non-technical, compliance, senior leadership, etc.)
  • Conduct detailed analysis used to inform security development teams to eliminate classes of vulnerabilities
  • Partner with product and development teams to improve vulnerability triage workflows, validate findings, and come up with remediation strategies consistent with good user experiences
  • Contribute to the design of risk-scoring and SLA models that align with business priorities
  • Mentor other engineers and help shape the evolution of our vulnerability management strategy
What we offer
What we offer
  • Health benefits
  • Dental benefits
  • 401k/RRSP
  • Generous PTO policy
  • Equity grant
  • Incentive programs
  • Maternity and parental leave top-up programs
  • Retirement matching program
  • Free 1Password account
  • Paid volunteer days
  • Fulltime
Read More
Arrow Right

Senior Security Engineer - Application Security

This is an opportunity to join K's critical InfoSec team as a Senior Security En...
Location
Location
United States , New York
Salary
Salary:
150000.00 - 185000.00 USD / Year
khealth.com Logo
K Health
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security
  • Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities
  • Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines
  • Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field
  • Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders
  • Expertise in compliance, security, and regulatory areas such as
  • HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc.
  • Flexibility in covering a rotation for critical on-call support responsibilities
Job Responsibility
Job Responsibility
  • Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC)
  • Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience
  • Manage the security posture of K’s core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations
  • Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems
  • Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms
  • Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines
What we offer
What we offer
  • Hybrid work schedule with weekly lunches and stocked fridges
  • Monthly social committees for company events
  • 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
  • Stock options for every full-time employee
  • Paid parental leave
  • 401k benefit
  • Commuter Benefits
  • Competitive health, dental, and vision insurance options
  • Fulltime
Read More
Arrow Right

Senior Security Engineer, Application Security

We are hiring a Senior Application Security Engineer to join Turnkey's team and ...
Location
Location
Salary
Salary:
Not provided
turnkey.com Logo
Turnkey
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelors degree in Computer Science, Engineering, or a related field
  • 5+ years of experience in application or product security, ideally in fast-moving, high-impact or crypto-native environments
  • Strong understanding of web, mobile, and cryptographic security fundamentals (e.g. OWASP Top Ten, SANS/CWE Top 25)
  • Proficiency in programming and scripting languages (Typescript/Javascript, Go, Rust) and experience building secure systems from the code up
  • Hands-on experience with security testing tools and methodologies (static/dynamic analysis, pen testing, etc.)
  • Strong understanding of cloud, containerized, and runtime environments (AWS, GCP, Docker, Kubernetes), with the ability to embed security early in the SDLC
  • Excellent analytical, problem-solving, and communication skills, with a collaborative mindset for partnering across product and infrastructure teams
  • Curious, proactive, and passionate about building secure, reliable systems in a fast moving startup environment
  • A builder mentality
  • comfortable operating with ambiguity, tackling incomplete systems, and applying hands-on engineering experience to security challenges.
Job Responsibility
Job Responsibility
  • Partner with Product and Engineering at both the design and development stage to ensure that we implement new features securely, including (but not limited to): Participating in the implementation efforts
  • Doing security reviews
  • Helping with product design decisions
  • Auditing and surfacing vulnerabilities in our current products
  • Conducting threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions
  • Developing and improving our Automated Tooling: further enhancing our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy
  • Making the safe way, the easy way: work on defining and building application guardrails so that developers can build securely by default
  • Investigating and remediating security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence
  • Embedding a culture of secure development across engineering, defining practices that influence how Turnkey builds, deploys, and maintains systems at scale.
What we offer
What we offer
  • Full benefits, including medical, dental, vision, life, disability, HSA/FSA, 401(k)
  • Paid parental leave
  • Unlimited PTO
  • $3,000/yr learning and development budget to attend industry conferences
  • Multiple team offsites per year
  • Macbook Pro laptop
  • Lunch stipend (for those physically in the New York City office)
  • Fulltime
Read More
Arrow Right