CrawlJobs Logo
ACI Infotech Logo ACI Infotech · IT - Software Development

Security Engineer, AppSec and Cloud

· Job Posted December 14, 2025
Apply Position
Job Link Share

Job Description

The Security Engineer, AppSec and Cloud will be responsible for securing applications, infrastructure, and cloud environments through vulnerability management, threat modeling, and zero-trust architecture. This role requires deep expertise in application and cloud security, automation of secure SDLC practices, and the ability to partner with engineering teams to establish secure defaults and guardrails. The ideal candidate will reduce risk exposure, define clear SLAs for vulnerabilities, and embed security across the development lifecycle.

Job Responsibility

  • Perform security reviews across code, infrastructure, and deployments
  • Implement SAST, DAST, and dependency scanning at scale
  • Harden identity, network, data, and secrets management
  • Define and enforce zero-trust security patterns
  • Conduct threat modeling workshops for critical flows
  • Drive secure SDLC adoption with automated checks
  • Partner with engineering to ensure secure-by-default practices

Requirements

  • 5+ years in application or cloud security roles
  • Expertise in SSO, RBAC, and secrets management
  • Strong knowledge of cloud security controls (IAM, KMS, VPC, WAF)
  • Hands-on experience with threat modeling and vulnerability scanning
  • Experience partnering with engineers to implement secure defaults
  • Ability to translate risk into actionable remediations
  • Strong skills in documentation and incident response

Nice to have

  • Familiarity with compliance frameworks (SOC 2, ISO, GDPR)
  • Background in penetration testing or red teaming
  • Experience with DevSecOps tools for secure SDLC
  • Awareness of AI model and data security risks
ACI Infotech - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Security Engineer, AppSec and Cloud

8 matching positions

Application Security Engineer – AI & Cloud

This role is the first dedicated Application Security hire on a growing security...
Location
Location
United States , Minneapolis
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Application Security, Security Engineering, DevSecOps, or secure software development
  • Hands-on experience with SAST, DAST, secrets scanning, and dependency review in enterprise environments
  • Strong knowledge of API security — authentication, authorization, transport security, and data handling risks
  • Working knowledge of AWS security fundamentals — IAM, logging, encryption, networking, and secrets management
  • Experience securing or governing AI-assisted development tools such as Cursor, GitHub Copilot, or similar
  • AWS fundamentals including IAM, secrets management, logging, and networking
  • Experience embedding security controls into SDLC and CI/CD pipelines
  • Strong documentation skills — ability to produce defensible standards and audit-ready evidence for NIST and SOC 2
  • Excellent verbal and written communication skills
  • ability to work effectively with developers, architects, and business stakeholders
Job Responsibility
Job Responsibility
  • Own and operate the organization’s SAST and DAST programs end-to-end
  • Design, deploy, tune, and mature SAST and DAST tooling across development and release pipelines
  • Review application code, including AI-generated code, to identify vulnerabilities, insecure patterns, secrets exposure, and data handling risks
  • Partner directly with software developers to triage findings, prioritize remediation, and validate fixes
  • Act as a trusted AppSec partner to engineering, not a gatekeeper
  • Perform application and API security reviews across internally developed and SaaS-integrated systems
  • Evaluate authentication, authorization, transport security, rate limiting, session handling, logging, and data exposure risks
  • Assess externally exposed applications and APIs for secure design and release readiness
  • Support secure AWS application patterns including IAM, secrets management, logging, networking, and containerized workloads
  • Help centralize and improve secrets management using AWS Secrets Manager and enterprise tooling
What we offer
What we offer
  • medical, vision, dental, and life and disability insurance
  • eligibility to enroll in our company 401(k) plan
Read More
Arrow Right

Senior Backend Engineer - AppSec ShiftLeft (Cortex Cloud)

ShiftLeft is building the cloud security platform for developers (AppSec). Our p...
Location
Location
Israel , Tel Aviv
Salary
Salary:
Not provided
paloaltonetworks.com Logo
Palo Alto Networks
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in backend development, with a strong foundation in designing and maintaining scalable systems
  • 2+ years of hands-on experience with TypeScript and Node.js in production environments
  • Experience working with databases such as BigQuery, MongoDB, or relational SQL systems
  • Experience with cloud infrastructure (preferably GCP) and cloud-native architectures
  • A self-driven, independent, leader and fast learner with a proactive approach to solving problems
  • Experience with high scale production systems
  • Excellent collaboration and communication skills with team members and product team
Job Responsibility
Job Responsibility
  • Shaping the future of our code security products
  • Building robust and scalable backend features
  • Driving performance, reliability, and innovation across our systems
  • Owning and leading the department’s data pipelines, databases, and enrichment and persistence flows
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

We're hiring a Senior Application Security Engineer to join a small, high-levera...
Location
Location
United States , Remote
Salary
Salary:
180000.00 - 210000.00 USD / Year
qualia.com Logo
Qualia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of hands-on experience in application security, offensive security, or security engineering, with demonstrable depth in at least two of: offensive testing, security tooling/automation, and cloud/infra security
  • Strong offensive skills - you can manually exploit real web and API vulnerabilities beyond what a scanner will find, and you can teach others to do the same
  • Deep familiarity with building and operating security tooling in a modern engineering org: SAST/DAST/SCA pipelines, custom detection rules, secrets scanning, and CI/CD security gates. You've written tooling, not just configured it
  • Production experience with AWS (IAM, VPC, networking, data services), containerized workloads (Docker, Kubernetes/EKS), and infrastructure-as-code (Terraform or similar)
  • Comfort reading, reviewing, and contributing code in at least one language common to modern web stacks (Python, Go, Ruby, TypeScript, or similar)
  • Clear, direct communication style. You can make a sharp technical argument to senior engineers, translate risk into business terms for leadership, and write a bug report an engineer actually wants to fix
  • Strong partnership instincts - you get leverage by making other teams faster, not by blocking them
Job Responsibility
Job Responsibility
  • Run offensive assessments against Qualia's applications and infrastructure: manual penetration testing, exploit development, authenticated web/API testing, and adversarial review of new designs before they ship
  • Lead threat modeling and secure design review for the highest-risk initiatives across the company, and mentor engineers to do the same for their own work
  • Own and evolve our AppSec tooling stack end-to-end - SAST, DAST, SCA, secret scanning, IaC scanning, and the CI/CD gates that tie them together. Build the custom rules, detections, and automation that generic tooling doesn't give us
  • Harden our cloud posture: review AWS configurations, IAM policies, Kubernetes/EKS workloads, and networking boundaries
  • build automation and guardrails that prevent the same class of issue from recurring
  • Reduce toil for the team - write the tools, scripts, and integrations that turn a day of triage into a few minutes
  • Partner with Infrastructure and Platform on detection engineering, incident response support, and cross-cutting programs (secrets management, supply chain, runtime security)
  • Set the technical bar for the AppSec team: raise the quality of reviews, establish patterns others can reuse, and mentor peers across seniority levels
  • Represent AppSec in architectural reviews, vendor evaluations, and compliance efforts
What we offer
What we offer
  • comprehensive health plans
  • 401k program
  • commuter benefits
  • professional development
  • parental leave
  • flexible time off policy
  • robust online onboarding program
  • biweekly all hands meetings
  • a variety of internal virtual events to keep employees connected
  • Fulltime
Read More
Arrow Right

Application Security Engineer

In this position, you will play a key role in protecting our client’s applicatio...
Location
Location
Poland , Warszawa
Salary
Salary:
Not provided
devire.pl Logo
Devire
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Solid experience in application security or secure software development
  • Good understanding of OWASP Top 10 and common vulnerabilities
  • Experience with tools such as SAST, DAST, or SCA is a plus
  • Familiarity with cloud environments (AWS, Azure, or GCP)
Job Responsibility
Job Responsibility
  • Lead the adoption of secure coding practices across global development teams
  • Conduct hands-on security assessments of web and cloud-based applications
  • Partner with DevOps and engineering teams to integrate security into CI/CD pipelines
  • Facilitate threat modeling sessions and proactively identify vulnerabilities early
  • Stay up to date with AppSec trends and contribute to shaping security strategy
What we offer
What we offer
  • Flexible hybrid working model
  • Modern office in Warsaw
  • Career development programs
  • Access to trainings, certifications, and conferences
  • Competitive bonus structure
  • Private medical care
  • Life and travel insurance plus pension plan
  • Sports card co-financing
  • Meal subsidies in the office
  • Additional days off
Read More
Arrow Right

Senior Platform Security Engineer

We are looking for a security-minded engineer to join our Tech Foundations team....
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
multiverse.io Logo
Multiverse
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A "Builder" Mindset: strong coding and scripting skills (e.g., Python, TypeScript/Node) and a passion for automating everything
  • Cloud & Infrastructure Experience: experience building and securing modern cloud-native infrastructure, including CI/CD pipelines (like GitHub Actions), cloud environments (AWS/Azure), and Infrastructure as Code (like Terraform)
  • Application Security Knowledge: solid understanding of the AppSec landscape and practical experience integrating tools (SAST, DAST, SCA) into developer workflows
  • A Collaborative Partner: excellent communication skills, enjoy collaborating with engineering teams and translating complex security concepts into clear guidance
  • Observability-Driven: experience using security and monitoring platforms (like Datadog) to detect and respond to threats
Job Responsibility
Job Responsibility
  • Architect Secure Foundations: help the platform team to own the security of our developer platform, including designing, building, and maintaining security controls and services within our CI/CD pipelines
  • Secure Our Infrastructure as Code (IaC): Partner with your Platform teammates to be the subject matter expert for securing our Terraform modules and cloud environments (AWS, Azure), focusing on preventing misconfigurations before they're deployed
  • Incident Response and Operations: Participate in the team's on-call rotation, including out-of-hours coverage to support platform availability and security, assist in troubleshooting critical issues, lead the response for security-specific incidents, drive post-mortems focused on learning and preventing recurrence
  • Build a Secure "Paved Road": Seamlessly integrate and orchestrate security testing (SAST, DAST, SCA, container scanning) into developer workflows
  • Enable Vulnerability Remediation: Develop tools and processes to help engineering teams triage, prioritise, and remediate vulnerabilities
  • Implement Platform-Level Detection: Leverage our cloud security and observability platforms to build robust, automated threat detection and response capabilities for the platform itself
  • Be a Security Partner: In partnership with Infosec team, act as a primary security consultants for our developers, provide expert guidance on secure coding (Elixir, TypeScript/Node, Python), secret management, and securing our event-driven architecture and AI services
  • Govern Emerging Technologies: Help architect and implement our AI Management System, ensuring our innovative AI services are built on a secure foundation that meets governance standards like ISO42001
What we offer
What we offer
  • Time off - 27 days holiday, plus 5 additional days off: 1 life event day, 2 volunteer days, 2 company-wide wellbeing days (M-Powered Weekend) and 8 bank holidays per year
  • Health & Wellness- private medical Insurance with Bupa, a medical cashback scheme, life insurance, gym membership & wellness resources through Wellhub and access to Spill - all in one mental health support
  • Hybrid work offering - for most roles we collaborate in the office three days per week
  • Work-from-anywhere scheme - you'll have the opportunity to work from anywhere, up to 10 days per year
  • Space to connect: Beyond the desk, we make time for weekly catch-ups, seasonal celebrations, and have a kitchen that’s always stocked!
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

This is one of our most critical roles, and it’s the first dedicated AppSec hire...
Location
Location
Netherlands , Amsterdam
Salary
Salary:
Not provided
wetravel.com Logo
WeTravel
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience securing SaaS product environments
  • Experience in cloud native and containerized environments
  • Strong CI/CD experience
  • Ability to read and review code (you do not need to write application code for us day to day)
  • Experience working with software engineers
  • Hands on security engineering experience with strong ownership and delivery
Job Responsibility
Job Responsibility
  • Work closely with the Platform team to improve security across infrastructure
  • Work closely with product engineering teams to analyze code for vulnerabilities
  • Build CI/CD automation to find security issues automatically
  • Analyze what we have today, find gaps, take ownership, and execute on improvements
  • Help shift engineering mindset to be more security focused, without blocking development
What we offer
What we offer
  • Competitive salary
  • Generous "Time to Recharge" policy — enjoy unlimited paid time off to rest, recharge, and show up as your best self
  • Work remotely for a maximum of 4 weeks per calendar year
  • 2-week cross-functional onboarding program
  • Cycle-to-work scheme (Swapfiets subscription) or commuting reimbursement
  • Tuesday team lunches and after-work social events
  • Beautiful office in central Amsterdam – rooftop garden and right by Rokin metro
  • Extensive paid family leave
  • Three paid volunteer days per year — take time to give back to causes you care about, on us
  • Cutting-edge equipment and tools to set you up for success
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

In your role as a Senior Application Security Engineer, you are responsible for ...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
resmed.com Logo
ResMed
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in computer science or related field
  • Minimum of 5 years of experience in application security, software development, or related field
  • Expertise in Securing Software Development Lifecycles
  • Expertise in one or more high-level programming languages, e.g., Java, C#, Python, etc.
  • Expertise in application-level attacks and defenses, e.g., OWASP Top 10, SANS Top 25, etc.
  • Experience with AI application security concepts e.g. OWASP Top 10 for LLM applications, etc.
  • Experience with AppSec tooling such as SAST, DAST, IAST, RASP, etc.
  • Experience working with DevOps, Agile, Scrum, Kanban methodologies
  • Experience with AWS cloud services such as WAF, EC2, S3, Lambda, VPC, CloudWatch, CloudTrail, EKS, ECS, KMS, IAM, RDS
Job Responsibility
Job Responsibility
  • Enable development teams to develop secure applications
  • Operation and support of code scanning tools, e.g., Wiz and Checkmarx
  • Supporting development teams to triage findings and enable self-service
  • Ensuring code scanning tools integrate seamlessly into the current software development lifecycle with minimal friction e.g. Github actions as a part of existing shared CICD workflows
  • Oversee the design, implementation, and management of the infrastructure and tooling necessary to support all security aspects of continuous integration, continuous delivery, and continuous deployment (CI/CD) pipelines
  • Collaborate with key stakeholders to identify opportunities for automation, process improvement, and tool optimization
  • Research and implement new technologies to improve and grow secure development (e.g. applications, systems, outsources services)
  • Maintain operational guidelines, diagrams, and documentation for secure development
  • Work closely with the developer experience team to integrate security automation into the development process
  • Fulltime
Read More
Arrow Right

Senior Security Engineer

As a Senior Security Engineer on the Application Security team at OutSystems, yo...
Location
Location
Portugal , Lisbon
Salary
Salary:
Not provided
outsystems.com Logo
OutSystems
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven experience in application security within modern, cloud-native environments
  • Strong foundation in AppSec fundamentals, including secure design, threat modeling, vulnerability triage, and remediation
  • Ability to independently deliver moderately complex security work end to end
  • Comfortable working across application, cloud, and platform security within a defined scope
  • Ability to write, understand, and review code, including building security automation and validating AI- or low-code-generated solutions
  • Hands-on experience with AWS (required), Kubernetes, and microservices
  • Clear understanding of penetration testing, red teaming, and purple teaming, and when to apply each
Job Responsibility
Job Responsibility
  • Independently drive security work across all phases of the SDLC, from early design and threat modeling through implementation, testing, and release
  • Own delivery of moderately complex security projects or features, adjusting standard approaches as needed to achieve the intended outcome
  • Partner with engineering and platform teams to secure AI-powered and agentic capabilities, ensuring security considerations are built in early rather than bolted on later
  • Conduct focused security assessments of applications, APIs, internal services, and platform components using the appropriate depth and methodology for the risk
  • Contribute to the development and adoption of secure-by-default patterns, guardrails, and paved roads that scale security without increasing friction
  • Operate and improve security tooling by tuning signal quality, reducing noise, and identifying opportunities to improve effectiveness
  • Build or extend security tooling and automation to eliminate manual or repetitive work
  • Clearly communicate risks, tradeoffs, and recommendations to engineering partners in a way that supports informed decision-making
  • Proactively identify gaps or inefficiencies in security processes and suggest practical improvements aligned with team goals
  • Mentor junior engineers and new hires, helping them ramp up effectively and understand how Product Security operates at OutSystems
What we offer
What we offer
  • A company that is always growing, changing, and innovating
  • Real career opportunities
  • Work colleagues that are as smart, hard-working, and driven as you
  • Disrupting the status quo is in our DNA
  • We ask “why” a lot
  • Inclusive culture of diversity
  • Fulltime
Read More
Arrow Right