Web Application Security Engineer

Tunisia, Tunis · Job Posted June 14, 2026

Job Description

Our security team is looking for a Web Application Security Engineer to help assure our customers that we design and implement our AI-enabled applications to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering security issues and helping our developers address them, elevating our application security maturity, building security automation, and reacting quickly to new threat scenarios. A successful candidate must adopt constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of our development teams' work and constantly seek opportunities for process improvement. You will need a combination of troubleshooting, technical, and communication skills. This role will provide career growth opportunities as you gain new skills in the course of your duties in securing top-tier AI-powered solutions.

Job Responsibility

  • Security by design product features review
  • DevSecOps enforcement
  • Threat modelling
  • SAST and DAST scanning
  • Penetration testing
  • Security training and outreach to development teams
  • Secure development guidance documentation
  • Security tools assessment and development
  • Document security assessments, test results, and remediation plans for internal and external stakeholders
  • Provide regular reports on the security posture of web applications, including vulnerability metrics and risk assessments.

Requirements

  • Engineering degree in Computer Science or related field, or equivalent work experience.
  • Minimum of 5 years of experience with any combination of the following: threat modeling experience, secure coding, pentesting, identity management and authentication, software development, system and network security, authentication and security protocols, cryptography, and application security
  • Strong understanding of web application vulnerabilities and remediation (OWASP Top 10, OWASP Top 10 for LLM, OWASP Top 10 for API, SANS/CWE Top 25)
  • Proven experience in conducting security assessments, penetration testing, and vulnerability management for web applications

Nice to have

  • Experience implementing application security frameworks like SAMM and BSIMM
  • An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • An understanding of web services
  • Experience with multiple programming languages such as C#, Python, etc.
  • Excellent critical thinking skills with an initiative-taking approach to identifying and mitigating security risks
  • Effective communication and collaboration skills to work effectively with cross-functional teams
  • Diligence and the ability to manage multiple tasks and priorities in a demanding environment

Similar Jobs for Web Application Security Engineer

8 matching positions

Senior Security Engineer, Application Security

We are hiring a Senior Application Security Engineer to join Turnkey's team and ...
Company: Turnkey
Salary: Not provided
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Computer Science, Engineering, or a related field
  • 5+ years of experience in application or product security, ideally in fast-moving, high-impact or crypto-native environments
  • Strong understanding of web, mobile, and cryptographic security fundamentals (e.g. OWASP Top Ten, SANS/CWE Top 25)
  • Proficiency in programming and scripting languages (TypeScript/JavaScript, Go, Rust) and experience building secure systems from the code up
  • Hands-on experience with security testing tools and methodologies (static/dynamic analysis, pen testing, etc.)
  • Strong understanding of cloud, containerized, and runtime environments (AWS, GCP, Docker, Kubernetes), with the ability to embed security early in the SDLC
  • Excellent analytical, problem-solving, and communication skills, with a collaborative mindset for partnering across product and infrastructure teams
  • Curious, proactive, and passionate about building secure, reliable systems in a fast moving startup environment
  • A builder mentality: comfortable operating with ambiguity, tackling incomplete systems, and applying hands-on engineering experience to security challenges.
Job Responsibility
  • Partner with Product and Engineering at both the design and development stage to ensure that we implement new features securely, including (but not limited to) participating in the implementation efforts, doing security reviews, and helping with product design decisions
  • Auditing and surfacing vulnerabilities in our current products
  • Conducting threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions
  • Developing and improving our Automated Tooling: further enhancing our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy
  • Making the safe way, the easy way: work on defining and building application guardrails so that developers can build securely by default
  • Investigating and remediating security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence
  • Embedding a culture of secure development across engineering, defining practices that influence how Turnkey builds, deploys, and maintains systems at scale.
What we offer
  • Full benefits, including medical, dental, vision, life, disability, HSA/FSA, 401(k)
  • Paid parental leave
  • Unlimited PTO
  • $3,000/yr learning and development budget to attend industry conferences
  • Multiple team offsites per year
  • MacBook Pro laptop
  • Lunch stipend (for those physically in the New York City office)
Employment type: Full-time

Security Engineer, Application Security

Figure is an AI Robotics company developing a general purpose humanoid. Our huma...
Company: Figure
Location: United States, San Jose
Salary: 150000.00 - 350000.00 USD / Year
Expiration Date: Until further notice
Requirements
  • Experience in several of the following application security domains: penetration testing, vulnerability research, security assessment, secure coding practices, security architecture & design, hardware security
  • Strong software engineering (not scripting or automation) skills in C/C++, Rust, Golang, Python or similar
  • Experience with securing embedded systems, including secure boot, secure identity, OTA, or others
  • Solid foundation in web security, mobile security, or cryptography
  • Ability to collaborate with internal and external stakeholders whilst prioritizing tasks and work independently under minimal supervision.
  • BS in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field
  • 3+ years of experience in the field of application security or related security role
  • Passion for learning and helping others
  • Excellent verbal and written communication skills, with high attention to detail
Job Responsibility
  • Conduct security assessments of applications, embedded systems, back-end services, and business integrations, as well as build tooling for a secure development lifecycle
  • Design technical solutions to mitigate security weaknesses on the robot and our service stack. Work with teams across the company to implement them.
  • Build frameworks and systems to prevent classes of vulnerabilities
  • Hunt for vulnerabilities and insecure coding patterns on our product stack (backend services and robot internal systems)
  • Be a champion for security and user privacy
Employment type: Full-time

Security and Application Security Engineer

Beacon Technologies is seeking a Security and Application Security Engineer. The...
Company: Beacon Technologies
Location: United States, Las Vegas
Salary: Not provided
Expiration Date: Until further notice
Requirements
  • Minimum of five years of Information Security experience with at least two years of application-level security
  • Strong communication skills: ability to convey and document security guidelines, requirements, and coding best practices
  • Familiarity with Security Best Practices in common coding languages
  • Application Penetration Testing / API Security Testing
  • Software Development Life Cycle Design and Implementation
  • Static and Dynamic Application Testing Tools and Methods
  • Container and orchestration security (Kubernetes, Docker, Octopus, GitHub, etc.)
  • Familiarity with Application Security Testing Frameworks such as OWASP
  • Strong logical and analytical thinker; exceptional skills in security systems solutions
Job Responsibility
  • Operate as a liaison between the Security Team and the Development Teams
  • Preserve PCI and SOX Security Certification programs with a primary focus on ensuring compliance with the appropriate industry standards and security controls
  • Supporting incident response and architecture review whenever applications security expertise is needed
  • Integrating threat modeling practices into the SDLC
  • Work with other staff to perform periodic scans and evaluation of system security including areas such as patch management, penetration testing, vulnerability assessments, and other types of InfoSec-related tasks
  • Assist in identifying and communicating security exposures, information security incidents or non-compliance situations to IT management or the CISO as appropriate. Duties may also include collecting and documenting cyber security and incident response event data as necessary.
What we offer
  • Career advancement opportunities
  • extensive training
  • excellent benefits including paying for health and dental premiums for salaried employees.
Employment type: Full-time

Senior Application Security / Product Security Engineer

We are seeking an experienced Application Security / Product Security Engineer t...
Company: Galaxy Office Automation Pvt. Ltd.
Location: India, Mumbai
Salary: Not provided
Expiration Date: Until further notice
Requirements
  • Strong understanding of Application Security and Product Security principles
  • Experience with secure SDLC practices
  • Hands-on experience performing security testing for Web applications, APIs, Mobile apps, Thick client applications
  • Knowledge of cloud platforms (AWS / Azure / GCP) and cloud security architecture
  • Experience performing security design reviews and threat modeling
  • Familiarity with OWASP Top 10, API Security Top 10, and common vulnerability classes
  • Experience using security tools such as SAST, DAST, SCA, API testing tools
  • Good working knowledge of Excel for tracking vulnerabilities, metrics, and reporting
  • Strong task management and stakeholder coordination skills
Job Responsibility
  • Integrate security practices into the Software Development Lifecycle (SDLC)
  • Perform application security design reviews for new and existing products
  • Conduct manual and automated security testing of Web applications, REST / GraphQL APIs, Mobile applications (Android / iOS), Thick client / desktop applications
  • Identify vulnerabilities such as OWASP Top 10, authentication issues, authorization flaws, and API security risks
  • Review cloud architecture and deployments (AWS, Azure, GCP) for security best practices
  • Work with development teams to prioritize and remediate vulnerabilities
  • Perform threat modeling and security architecture assessments
  • Track vulnerabilities, remediation status, and risk metrics using Excel or vulnerability management tools
  • Support secure coding practices and developer security awareness
  • Manage multiple security assessments and coordinate tasks across teams
Employment type: Full-time

Senior Application Security Engineer

We’re looking for a senior-level security expert to lead proactive security desi...
Company: Airswift Sweden
Location: Poland, Poland
Salary: Not provided
Expiration Date: Until further notice
Requirements
  • 7+ years in offensive and defensive security roles, with long-term project experience
  • Proven expertise in penetration testing (especially web applications) and threat modelling
  • Strong programming/scripting skills, particularly in Python
  • Deep knowledge in at least one core security domain (e.g., cryptography, secure architecture, authentication)
  • Excellent communication skills in English.
Job Responsibility
  • Lead security architecture reviews and conduct in-depth threat modelling for new products and infrastructure
  • Perform hands-on penetration testing and security assessments to uncover and validate vulnerabilities
  • Research emerging threats and develop mitigation strategies to stay ahead of evolving attack vectors
  • Collaborate with engineering teams to embed security into the development lifecycle (DevSecOps).
Employment type: Full-time

Senior Application Security Engineer

We are seeking an experienced Application Security Engineer to join our team tha...
Company: Coca-Cola HBC
Location: Egypt, Cairo
Salary: Not provided
Expiration Date: Until further notice
Requirements
  • 5+ years in information security and 2+ years in software development
  • Bachelor’s degree in computer science, Information Security, or related field, or equivalent
  • At least one Cyber Security related certification, (e.g. ISC2 CISSP, EC-Council CEH, ISACA’s CSX, Microsoft Azure Security Associate, AWS Certified Security Specialty)
  • Any Application Security certification, (e.g. EC-Council CASE, ISC2 CSSLP, OffSec OWSA, GIAC CWAD)
  • Dedicated and proactive, finding opportunities and leading initiatives independently
  • Deep understanding of enterprise, cloud and cloud-native architectures and their secure design
  • Skilled in multiple programming languages (e.g., .NET, JavaScript, Python)
  • Proven expertise in guiding security development and code evaluations and providing actionable, risk-based technical recommendations
  • Knowledge of application security best practices such as OWASP Top 10, OWASP SAMM/DSOMM, OWASP ASVS/MASVS
  • Expertise in network and web protocols (TCP/IP, TLS, HTTPS, OAuth 2.0, OpenID Connect) and common attack vectors
Job Responsibility
  • Advance the application security strategy through multi-functional initiatives and cultural influence
  • Lead security initiatives across the SDLC and improve development practices through scalable automation
  • Conduct and guide security requirements and threat modeling early in design phases
  • Partner with product management, platform engineering, development and cyber defense teams to align business goals with security needs
  • Lead security architecture, design and code reviews
  • Perform hands-on security testing to identify risks and drive remediation with development teams
  • Drive software supply chain security practices to ensure protection against code, build, and artifact tampering across the CI/CD pipeline
  • Balance business and security risks through technically grounded, pragmatic recommendations
  • Translate lessons learned into reusable organizational assets that enhance overall security posture
  • Mentor engineers and practitioners, promoting secure-by-default thinking and shared accountability
What we offer
  • Coaching and mentoring programs
  • Development opportunities
  • Equal opportunity employer
  • Learning programs
  • Work with iconic brands
  • Supportive team
  • Volunteering Opportunities
  • Wellbeing program
Employment type: Full-time

Network Security Engineer (Web Proxy)

We are seeking a Network Security Engineer to serve as a Subject Matter Expert (...
Company: Realign
Location: United States, Irving
Salary: 115000.00 USD / Year
Expiration Date: Until further notice
Requirements
  • Technical expertise and hands-on experience with enterprise-grade Firewall platforms (e.g., Palo Alto Networks, Check Point, Cisco ASA/FTD)
  • Knowledge and practical experience with Web Proxy solutions (e.g., Zscaler, Forcepoint/Websense, Blue Coat/Symantec ProxySG)
  • Understanding of network protocols (TCP/IP, DNS, HTTP/S, VPNs) and network security concepts (e.g., IDS/IPS, VPN, NAT, load balancing)
  • Proficiency in analyzing network traffic and logs to identify security incidents, troubleshoot connectivity issues, and optimize performance
  • Experience with scripting (e.g., Python, PowerShell) for automation of security tasks is a plus
  • Excellent problem-solving, analytical, and diagnostic capabilities
  • Strong communication and interpersonal skills, with the ability to articulate complex technical concepts clearly to diverse audiences
  • Ability to work independently as an SME and as part of a larger technical team
  • English fluency (oral and written)
  • Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related engineering field
Job Responsibility
  • Act as the primary SME for all Web Proxy (e.g., Zscaler, Forcepoint, Blue Coat) and Firewall (e.g., Palo Alto Networks, Check Point, Cisco ASA) rule sets and configurations
  • Design, implement, and maintain complex firewall rules and web proxy policies to enforce security controls and meet divestiture requirements
  • Perform routine maintenance, updates, and optimization of existing web proxy and firewall rules, ensuring adherence to security best practices and compliance standards
  • Provide advanced troubleshooting and incident response support for network security issues related to web proxy and firewall configurations
  • Collaborate with network engineering, application, and security operations teams to ensure proper integration and functionality of security devices during the divestiture process
  • Assist in the planning and execution of network segmentation and access control list (ACL) migration strategies for separating entities
  • Develop and maintain comprehensive documentation for network security configurations, policies, and operational procedures
  • Participate in security audits and provide expert guidance on web proxy and firewall capabilities
Employment type: Full-time

Senior Application Security Engineer

We're hiring a Senior Application Security Engineer to join a small, high-levera...
Company: Qualia
Location: United States, Remote
Salary: 180000.00 - 210000.00 USD / Year
Expiration Date: Until further notice
Requirements
  • 8+ years of hands-on experience in application security, offensive security, or security engineering, with demonstrable depth in at least two of: offensive testing, security tooling/automation, and cloud/infra security
  • Strong offensive skills - you can manually exploit real web and API vulnerabilities beyond what a scanner will find, and you can teach others to do the same
  • Deep familiarity with building and operating security tooling in a modern engineering org: SAST/DAST/SCA pipelines, custom detection rules, secrets scanning, and CI/CD security gates. You've written tooling, not just configured it
  • Production experience with AWS (IAM, VPC, networking, data services), containerized workloads (Docker, Kubernetes/EKS), and infrastructure-as-code (Terraform or similar)
  • Comfort reading, reviewing, and contributing code in at least one language common to modern web stacks (Python, Go, Ruby, TypeScript, or similar)
  • Clear, direct communication style. You can make a sharp technical argument to senior engineers, translate risk into business terms for leadership, and write a bug report an engineer actually wants to fix
  • Strong partnership instincts - you get leverage by making other teams faster, not by blocking them
Job Responsibility
  • Run offensive assessments against Qualia's applications and infrastructure: manual penetration testing, exploit development, authenticated web/API testing, and adversarial review of new designs before they ship
  • Lead threat modeling and secure design review for the highest-risk initiatives across the company, and mentor engineers to do the same for their own work
  • Own and evolve our AppSec tooling stack end-to-end - SAST, DAST, SCA, secret scanning, IaC scanning, and the CI/CD gates that tie them together. Build the custom rules, detections, and automation that generic tooling doesn't give us
  • Harden our cloud posture: review AWS configurations, IAM policies, Kubernetes/EKS workloads, and networking boundaries; build automation and guardrails that prevent the same class of issue from recurring
  • Reduce toil for the team - write the tools, scripts, and integrations that turn a day of triage into a few minutes
  • Partner with Infrastructure and Platform on detection engineering, incident response support, and cross-cutting programs (secrets management, supply chain, runtime security)
  • Set the technical bar for the AppSec team: raise the quality of reviews, establish patterns others can reuse, and mentor peers across seniority levels
  • Represent AppSec in architectural reviews, vendor evaluations, and compliance efforts
What we offer
  • comprehensive health plans
  • 401k program
  • commuter benefits
  • professional development
  • parental leave
  • flexible time off policy
  • robust online onboarding program
  • biweekly all hands meetings
  • a variety of internal virtual events to keep employees connected
Employment type: Full-time