Itransition

Application Security / Product Security Engineer

Not specified
  • Minsk
  • 3 to 6 years
  • Security Testing
  • English language
  • Product Security
  • CI/CD
  • Secure SDLC
  • English — B2 — Upper-Intermediate

We are looking for an Application Security / Product Security Engineer to support and improve security processes across the software development lifecycle (SDLC) and CI/CD environments for our client.

In this role, you will work closely with engineering teams to help implement and maintain security controls, improve vulnerability management processes, support compliance initiatives, and strengthen secure development practices across modern software delivery pipelines.

Responsibilities:

  • Support Software Composition Analysis (SCA) processes and open-source license compliance activities
  • Help implement and maintain secret detection practices, including pre-commit hooks and CI/CD secret scanning
  • Participate in vulnerability management activities:
    • vulnerability scanning
    • triage and prioritization
    • Jira ticket tracking
    • remediation follow-up and SLA monitoring
  • Collaborate with engineering teams to improve Secure SDLC and CI/CD security practices
  • Support security tooling integrations within CI/CD pipelines (e.g., GitHub Actions)
  • Maintain security-related documentation and assist with audit/compliance activities
  • Contribute to asset inventory and security governance processes
  • Work with development and infrastructure teams to improve overall security posture

Requirements:

  • 2–5 years of experience in Application Security, Product Security, DevSecOps, Security Operations, or related cybersecurity roles
  • General understanding of Secure SDLC and application security principles
  • Experience working with security tools or processes related to vulnerability management, CI/CD security, or dependency/security scanning
  • Familiarity with Jira or similar ticketing/tracking systems
  • Understanding of common application security risks and vulnerabilities
  • Ability to document processes and communicate effectively with technical teams
  • English skills sufficient for technical communication and participation in project discussions

Nice to Have:

  • Hands-on experience with SCA tools such as FOSSA, Snyk, Mend, Black Duck, or similar
  • Familiarity with open-source license compliance processes
  • Experience with secret detection tools, pre-commit hooks, or CI/CD secret scanning
  • Experience integrating security controls into GitHub Actions or other CI/CD platforms
  • Familiarity with vulnerability remediation workflows and SLA tracking
  • Experience with asset inventory tools such as NetBox
  • Experience supporting audits or compliance initiatives (ISO 27001, SOC 2, etc.)
  • Familiarity with SAST, DAST, container scanning, or cloud security tooling
  • Experience working in cloud-native or Kubernetes environments

We offer:

  • Projects for such clients as PayPal, Wargaming, Xerox, Philips, adidas and Toyota
  • Competitive compensation that depends on your qualification and skills
  • Career development system with clear skill qualifications
  • Flexible working hours aligned to your schedule
  • Options to work remotely
  • Compensation for medical expenses
  • English courses online
  • Corporate parties and events for employees and their children
  • Internal conferences, workshops and meetups for learning and experience sharing
  • Gym membership compensation, corporate sport competitions (cybersport included)
  • 5 days of paid sick leave per year with no obligation to submit a sick-leave certificate