Application Security Engineer
EMEA
Lodgify
Easily create a website with a “Book Now” function and manage all your reservations from one place with our all-in-one vacation rental software solution.
Lodgify is not just any startup, we're a fast-growing company leading the vacation rental industry with our innovative software. And we raised $30M to do exactly that!
Our platform empowers property owners and managers to efficiently manage and market their rental businesses online. We are an international team of more than 350 people and over 60 different nationalities, founded in the heart of sunny Barcelona.
⭐ Role Overview
Are you experienced in SaaS product development and passionate about cybersecurity? We're seeking a skilled Application Security Engineer to enhance our Software Development Life Cycle's security, automate workflows, review code, identify vulnerabilities, and contribute to overall application security. If you're ready to make a significant impact in a fast-paced environment, apply now to join us in safeguarding cutting-edge SaaS products!
⭐ How will you make an impact?
- Lead the Implementation of Secure Development Practices: Work on a Secure Software Development Life Cycle (SSDLC) adoption, and integrate security practices into Lodgify’s existing development methodology.
- Work with our development teams by designing/reviewing technical solutions to avoid security weaknesses.
- Identify tools and processes needed to implement an application security program.
- Implement security-focused activities such as threat modeling, secure coding practices, code reviews, and security testing throughout the development process.
- Educate and encourage developers to follow secure coding best practices.
- Manage and enhance our existing bug bounty program, taking ownership of the coordination and resolution of vulnerabilities reported by external researchers. Review and understand issues, and provide guidance to our developers on how to fix them.
- Optimise our WAF protection against common Web Application vulnerabilities and attacks (Cloudflare).
- Contribute to improving the security of our public API, providing security recommendations and solutions.
⭐ What makes you a great fit?
- 3+ years of experience in an Application Security Engineer role, preferably in a SaaS company.
- In-depth knowledge of web application security, including common vulnerabilities, attack vectors, and mitigation techniques.
- Solid knowledge of OWASP Top 10 and understanding of OWASP testing guide.
- Demonstrated experience in threat modeling and identifying security issues through code review.
- Demonstrated experience in deploying SAST and DAST solutions and verifying their results.
- Proficiency in understanding and analyzing programming languages (e.g. .NET, ReactJS, Flutter, Python, Bash).
- Familiar with API security tools and processes.
- Ability to work collaboratively with cross-functional teams, including developers, QAs and DevOps engineers.
- Able to inculcate security culture among development teams.
⭐ How can you earn extra bonus points?
- Experience with WAF administration (Cloudflare).
- Familiar with code management systems, CI/CD, Kubernetes, and microservices architecture.
- Familiar with managing external penetration testing processes and results.
What's in it for you?
- 🏠 The freedom to work from home.
- 🌴 Enjoy 25 working days of paid vacation and Jornada Intensiva in August.
- 💊 Top-notch Cigna health insurance (includes travel insurance, dental plan, psychologist).
- 😋 Save on meals and transportation! Enjoy our Flexible Remuneration plan.
- 🖥️ Elevate your workspace. We provide a home-office setup allowance to ensure you have everything you need for a productive and comfortable work environment.
- 🎉 Travel to our biyearly team-building events in Barcelona at the company's expense.
- 🇪🇸 Free Spanish classes.
- 🤑 Boost your earning potential with our referral program that offers paid compensation.
- 💟 Great culture & working environment with an international team of over 60 different nationalities.
So, what are you waiting for? Apply now!
All applications and CVs must be submitted in English 😉
Tags: APIs Application security Bash CI/CD Cloudflare DAST DevOps Kubernetes Microservices OWASP Pentesting Python SaaS SAST SDLC Vulnerabilities
Perks/benefits: Flex hours Flex vacation Gear Health care Home office stipend Salary bonus Startup environment Team events