Application Security Engineer

Barcelona, Spain

Applications have closed

EcoVadis

Detailed insights to confidently manage value chain risk & compliance, build performance for net-zero & sustainability targets, drive value & impact: The universal sustainability ratings & intelligence suite.


Company Description

Work smart, have fun and make an impact!

Our purpose is to guide all companies toward a sustainable world. EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. We analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.

Why apply to EcoVadis?

Be a part of the global sustainability change in business. Grow your career. Work with extraordinary people. Feel valued for your contribution.

Learn more about our team and culture on EcoVadis careers page

If you have questions about the company or open roles you can Chat with an insider

Job Description

Our IT Security team is looking for an Application Security Engineer to support our efforts to protect our corporate products and services, our internal solutions and the data managed by EcoVadis.

You will be part of the team that collaborates in all areas of our Secure Software Development Lifecycle (SSDLC), with a predominant focus on enhancing the security of our code, ensuring that our developers follow best practices to avoid vulnerabilities, promoting automation inside the SSDLC, and collaborating with the team in executing different tests and reviews with a technical approach.

You will have the opportunity to make a significant impact and contribute to the overall success of our company.

This role will include the following responsibilities:

  • Integrate SAST into SDLC:
    • Perform and maintain code analysis using one of the industry-recognized SAST tools;
    • Exhibit knowledge and ability to integrate code scanning into the SSDLC (e.g. understand the basics of the code life-cycle and CI/CD platforms);
    • Understand the code to find and fix flaws that developers may have missed and help in the identification of false positives;
    • Help the engineering teams fix security issues, and mentor them to improve their security expertise.
  • Conduct web application penetration tests:
    • Perform manual and automated application vulnerability assessments, document identified vulnerabilities and provide recommendations for remediation;
    • Exhibit knowledge and ability to perform industry standard web application penetration testing methods, including OWASP guides;
    • Plan and create penetration methods, scripts and tests, and simulate security breaches in a secure manner.
  • General Security Engineer responsibilities:
    • Ability to analyze security issues (both white-box and black-box), determine their cause and impact on the business, and identify the corrective action needed to eliminate them and prevent the event from materializing in the future;
    • Work with IT Security team members and the development teams to design mitigation strategies for identified weaknesses, including the prioritization and contextualization of vulnerabilities;
    • Contribute to and help to further develop application security frameworks and standards;
    • Present your findings, risks and conclusions to different stakeholders (technical and non-technical);
    • Assist with other organization security projects and tasks as required;
    • Support the development and growth of Application Security practices and tools in the company;
    • Drive the efforts to automate operational security.

Qualifications

  • A minimum of 3 years of professional experience in application security, penetration testing, or static code analysis;
  • Proven track record of conducting successful penetration tests and security assessments on web applications or other software systems;
  • Strong experience with static and dynamic code analysis tools and techniques, including code review and identifying code-level vulnerabilities;
  • Familiarity with DevSecOps practices and integrating security into CI/CD pipelines;
  • Experience with tools and frameworks commonly used in application security testing, such as Burp Suite, Kali Linux, Metasploit, etc.;
  • Familiarity with various programming languages (e.g., C#, Python, JavaScript, Java) and ability to understand and review code for security vulnerabilities;
  • Proficiency in identifying, exploiting, and mitigating common security vulnerabilities (e.g., OWASP Top Ten) in web applications and APIs;
  • Understanding of network protocols, operating systems, and databases, and their security implications;
  • Basic knowledge of cloud security concepts and best practices (e.g., AWS, Azure, Google Cloud);
  • Understanding of cryptography principles and secure authentication and authorization mechanisms;
  • Ability to work independently;
  • Ability to conduct research about areas unknown to him/her, and use that knowledge to deliver security guidelines and propose improvements;
  • Open to work in an international, multilingual environment;
  • Proficient in English (oral and written);
  • Professional certification (e.g. OSCP or OSWE) is a plus;
  • Hands-on experience with Google Workspace is a plus.

Additional Information

Location: Preferred Barcelona, remote from Spain

Our growing team in Spain is full of talented professionals from various fields who all share a desire to make sustainability real.

We offer competitive salaries and support personal growth from day one.

This includes extensive onboarding, teammates' support and a brand new e-learning platform bursting with courses and modules. So you can learn new skills and fine-tune old ones! In return for your expertise and energy, we offer:

Working organization benefits:

  • Casual and very friendly work environment
  • Hybrid work organization (from the office or from home)
  • Flexible working hours
  • Home office allowance program
  • IT equipment allowance
  • Working from anywhere policy (3 months per year)
  • Opportunity to work in a truly international atmosphere

Compensation benefits:

  • Base salary + variable compensation plan
  • Meals and Transportation Vouchers (Cobee card)

Wellness and Healthcare benefits:

  • Health, Wellness, and Dental Benefits

More:

  • Employee referral bonus policy
  • Paid employee volunteer day
  • Paid moving day (1/year)
  • Access to online learning library
  • Virtual and in-person team building events
  • Coworking space with various services + opportunity to work in different locations (Europe and International)

Our hiring team looks forward to reviewing your CV, in English, with a guaranteed response to every application.

A new job with purpose awaits you!

Don’t fit all the criteria but still think you’d be a good candidate?

Please apply anyway to give our hiring team the opportunity to assess your skills and to learn more about what you could bring to EcoVadis. We’re interested in hiring capable people, regardless of professional and educational background.

Can the hiring process be adjusted to suit my needs? Yes.

We want everyone going through the hiring process with EcoVadis to feel confident that you are able to demonstrate your full potential. We welcome applications from disabled people, people with long-term health conditions, and neurodiverse candidates. If you need any adjustments, including the provision of interview questions, please let the hiring team know.

Our team’s strength comes from everyone’s uniqueness and is founded upon mutual respect.

EcoVadis commits to equity, inclusion and reducing bias in our hiring processes. EcoVadis does not accept any form of discrimination based on color, national or ethnic origin, ancestry, citizenship, religion, beliefs, age, sex, gender identity, sexual orientation, neurodiversity, disability, parental status, or any other protected characteristic that makes you unique. In your application, we encourage you to remove personal information such as: photographs, marital status, number of children, religion, gender, residential postal code, university graduation date, past medical or parental leave(s) taken, nationality (instead, please state if you are legally eligible to work in the job region/country), university name (instead, please state any degrees obtained and the study major).


Tags: APIs Application security Automation AWS Azure Burp Suite C CI/CD Cloud Code analysis Cryptography DevSecOps GCP Java JavaScript Kali Linux Metasploit OSCP OSWE OWASP Pentesting Python SAST SDLC Security assessment Vulnerabilities

Perks/benefits: Career development Competitive pay Equity Flex hours Gear Health care Medical leave Parental leave Salary bonus Team events Wellness

Region: Europe
Country: Spain