Application Security Engineer
worldwide
ABOUT THE ROLE
As an Application Security Engineer at Yassir, you will play a vital role in ensuring the security of our software applications. You will be responsible for identifying and mitigating security vulnerabilities, implementing security best practices, and working closely with our development teams to integrate security into all phases of the software development lifecycle.
What you’ll be doing:
- Security Analysis & Vulnerability Assessment: Conduct regular security assessments and penetration tests on Company products. Identify vulnerabilities and security gaps in existing applications and propose remediation solutions.
- Vulnerability Management: Lead the development and implementation of a comprehensive vulnerability management program. This includes continuous monitoring, analysis, and prioritization of vulnerabilities discovered in applications.
- Security Automation: Implement and maintain security tools and processes to automate the detection of security vulnerabilities. Integrate security tools into the CI/CD pipeline. Security tools to be considered (not limited to): Static code analysis (mainly Python and TypeScript); Dynamic code analysis and scanning for vulnerabilities using Burp Suite and OWASP ZAP; Software composition analysis.
- Establishing security controls in SDLC: Work with the development team to ensure secure coding practices are implemented. Provide training and guidance on security best practices and emerging threats. Conduct threat modeling and architecture reviews, and consult development teams when making architecture decisions. Develop security requirements at the early stages of the product life cycle.
- Incident Response: Participate in the response to security incidents, including performing post-mortem analysis and recommending preventive solutions.
- Compliance and Standards: Ensure applications comply with industry standards and regulations such as OWASP, GDPR, SOC 2 and ISO 27001.
- Collaboration and Communication: Collaborate with cross-functional teams to promote a culture of security awareness. Communicate effectively with both technical and non-technical stakeholders.
About your experience
- Understanding of architecture and working principles of modern applications.
- Experience with GCP cloud security.
- Strong knowledge of security principles, techniques, and protocols (e.g., OWASP Top 10, SSL/TLS, etc.).
- 5+ years of working experience as an Application Security Engineer or in a similar position (Penetration testing, Red Team, Bug Bounty, etc.).
- Strong knowledge of at least one scripting language (Python, PowerShell, bash).
- Excellent problem-solving and communication skills.
- English: B2 Upper-Intermediate
WHY YOU SHOULD JOIN YASSIR
- Join one of the fastest-growing tech companies in North Africa
- Have a lasting impact on our company's culture
- Make a real impact on the world by helping us bring affordable financial and on-demand services to millions of Africans
- Work on some really hard technical challenges, from identity infrastructure for Africans and digital payment networks to complex mapping and routing systems across the continent.
- We are the first Algerian startup to go through the Y Combinator program and we’re backed by top investors including Unpopular Ventures, Rebel Fund and DainTree.VC
Nice-to-Have Skills:
- Relevant information security certifications: CEH, OSCP, OSCE, LPT, etc.
- Knowledge of/experience with international information security standards and personal data protection standards: ISO 27XXX, PCI DSS, GDPR, etc.
- Knowledge of/experience with information security standards and frameworks: OAuth, WS-Security, X.509, SSL/TLS, etc.
- Bachelor's degree in Computer Science, Information Security, or related field.
- Experience in CTF or bug bounty programs.
- Knowledge of DevSecOps practices and tools.
- Experience in web or mobile app development.
- Experience with Python application security assessment.
Don't just apply for a job, come and be a part of our journey. Let's create a better tomorrow together.
We look forward to receiving your application!
Best of luck,
Your Yassir TA Team
Perks/benefits: Career development Startup environment