Application Security Engineer

Overview:

SOFTSWISS is looking for Application Security Engineer to join our team. SOFTSWISS security team takes care of iGaming services protection, data privacy, and business continuity to ensure that nothing distracts satisfied customers from using our products. We work closely with the IT team that develops and supports our services, and together we create genuinely excellent and secure iGaming products.

Purpose of the role:

Our goal is to make sure that we deploy secure software to production without unnecessary bottlenecks, that applications are properly hardened, and security vulnerabilities, once discovered, are fixed by the developers.

As an Application Security Engineer, you will play a crucial role in ensuring the security of our applications throughout the entire software development lifecycle (SDLC). You will partner closely with the product teams to identify, analyze, and mitigate security vulnerabilities, contributing to the creation of trustworthy and robust products.

Key responsibilities:

• Partner with product teams during the design phase to lead threat modeling and risk assessments sessions, translating complex security threats into clear, actionable security requirements.
• Perform in-depth manual code reviews on critical applications to identify complex logical vulnerabilities as part of white-box security assessment.
• Plan, design, implement, automate and (if you wish) support AppSec tools.
• Contribute to building a company-wide processes for secure code development and deployment.
• Triage identified security vulnerabilities, provide clear and actionable descriptions and ensure these findings are properly addressed and mitigated.
• Manage the bug bounty program, collaborate with researches and internal teams to resolve the discovered vulnerabilities.
• Partner with Dev/QA teams throughout the development lifecycle to enhance the application’s security posture by providing expert consulting, continuous knowledge sharing, and actionable security guidance.

Required Experience:

• 2+ years of experience in application security.
• Knowledge of secure development processes and best practices.
• Deep understanding of web application security mechanisms (i.e., how the web actually works? What is SOP and why do we need CORS? What is CSP?).
• Deep understanding of common web application vulnerabilities (i.e., OWASP Top 10), and the most effective ways to prevent them.
• Knowledge of secure system/application architecture and design principles.
• Understanding of modern threats to high-performance web applications that is used by millions of users daily.
• Understanding of modern authentication/authorisation patterns (OAuth, OIDC, JWT, etc.)
• Practical hands-on expertise in identifying vulnerabilities through security assessment and secure code review, coupled with the ability to perform deep root-cause analysis to drive systemic fixes.
• University degree in Computer Science, Information Security, or related field, or equivalent combination of education and experience.
• Intermediate or higher English level.

Nice to have:

• Passion about programming.
• Technical knowledge of network and operating systems security.
• Hands-on DevSecOps experience.
• Practice of participation in bug bounty programs and/or CTFs.
• Deep knowledge of SAST/DAST tools, including customisation.
• Relevant certifications (i.e., OSWE, GWEB, etc.).