Application Security Engineer

EMEA

Lodgify

Easily create a website with a “Book Now” function and manage all your reservations from one place with our all-in-one vacation rental software solution.

View company page

⭐ Who we are
Lodgify is not just any startup, we're a fast-growing company leading the vacation rental industry with our innovative software. And we raised $30M to do exactly that!
Our platform empowers property owners and managers to efficiently manage and market their rental businesses online. We are an international team of more than 350 people and over 60 different nationalities, founded in the heart of sunny Barcelona. 
⭐ Role OverviewAre you experienced in SaaS product development and passionate about cybersecurity? We're seeking a skilled Application Security Engineer to enhance our Software Development Life Cycle's security, automate workflows, review code, identify vulnerabilities, and contribute to overall application security. If you're ready to make a significant impact in a fast-paced environment, apply now to join us in safeguarding cutting-edge SaaS products! 

⭐ How will you make an impact?

  • Lead the Implementation of Secure Development Practices: Work on a Secure Software Development Life Cycle (SSDLC) adoption, and integrate security practices into Lodgify’s existing development methodology.
  • Work with our development teams by designing/reviewing technical solutions to avoid security weaknesses.
  • Identify tools and processes needed to implement an application security program.
  • Implement security-focused activities such as threat modeling, secure coding practices, code reviews, and security testing throughout the development process.
  • Educate and encourage developers to follow secure coding best practices.
  • Manage and enhance our existing bug bounty program, taking ownership of the coordination and resolution of vulnerabilities reported by external researchers. Review and understand issues, and provide guidance to our developers on how to fix them.
  • Optimise our WAF protection against common Web Application vulnerabilities and attacks (Cloudflare).
  • Contribute to improving the security of our public API, providing security recommendations and solutions.

⭐ What makes you a great fit?

  • 3+ years of experience in an Application Security Engineer role, preferably in a SaaS company.
  • In-depth knowledge of web application security, including common vulnerabilities, attack vectors, and mitigation techniques.
  • Solid knowledge of OWASP Top 10 and understanding of OWASP testing guide.
  • Demonstrated experience in threat modeling and identifying security issues through code review.
  • Demonstrated experience in deploying SAST and DAST solutions and verifying their results.
  • Proficiency in understanding and analyzing programming languages (e.g. .NET, ReactJS, Flutter, Python, Bash).
  • Familiar with API security tools and processes.
  • Ability to work collaboratively with cross-functional teams, including developers, QAs and DevOps engineers.
  • Able to inculcate security culture among development teams.

⭐ How can you earn extra bonus points?

  • Experience with WAF administration (Cloudflare).
  • Familiar with code management systems, CI/CD, Kubernetes, and microservices architecture.
  • Familiar with managing external penetration testing processes and results.
Why you’ll love us:You’ll be part of a growing, dynamic company with a truly international team. At Lodgify, we are full of contagious energy, hard work, and passion for what we do. We celebrate diversity and are proud to acknowledges a variety of backgrounds, perspectives and skills in our team; committed to creating a workplace where everyone is heard and feels a sense of belonging.
What's in it for you?
🏠 The freedom to work from home.🌴 Enjoy 25 working days of paid vacation and Jornada Intensiva in August.💊 Top-notch Cigna health insurance (includes travel insurance, dental plan, psychologist).😋 Save on meals and transportation! Enjoy our Flexible Remuneration plan.🖥️ Elevate your workspace. We provide a home-office setup allowance to ensure you have everything you need for a productive and comfortable work environment.🎉 Travel to our biyearly team-building events in Barcelona at company's expense.🇪🇸 Free Spanish classes.🤑 Boost your earning potential with our referral program that offers paid compensation.💟 Great culture & working environment with an international team of over 60 different nationalities.
So, what are you waiting for? Apply now!All applications and CVs must be submitted in English 😉
Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: APIs Application security Bash CI/CD Cloudflare DAST DevOps Kubernetes Microservices OWASP Pentesting Python SaaS SAST SDLC Vulnerabilities

Perks/benefits: Flex hours Flex vacation Gear Health care Home office stipend Salary bonus Startup environment Team events

Regions: Africa Europe Middle East
Job stats:  12  4  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.