Senior Application Security Engineer

Propel

EMEA

Remote

Intermediate

posted 2 hours ago

About Propel

We help businesses access the best talent in order to achieve their goals. In an increasingly digital world, we provide a human touch, building long-lasting relationships and trust, through absolute transparency.

The Role

We are seeking a Senior Application Security Engineer to enhance our security team. In this role, you will be instrumental in developing and refining our application security program by setting secure development standards and integrating security into the software development lifecycle (SDLC). You will collaborate closely with development, DevOps, and DevSecOps teams to ensure that security is prioritized from the beginning, facilitating the creation of robust and secure applications.

Responsibilities

  • Configure and utilize tools such as SAST, DAST, IAST, and RASP.
  • Manage vulnerabilities by maintaining systems and ensuring they are secure.
  • Review open-source code for security vulnerabilities (OSA/SCA).
  • Conduct and enhance code security reviews.
  • Strengthen API security (REST, GraphQL).
  • Perform threat modeling (STRIDE, PASTA, etc.) for new features.
  • Launch and manage the bug bounty program.
  • Develop a "Security Champions" initiative across engineering teams.
  • Collaborate with external teams on penetration testing.
  • Share your security expertise with the wider team.

Requirements

  • Minimum of 5 years in Application Security or a related security role.
  • Proficient with SAST/DAST/IAST/RASP tools, particularly Snyk and/or Acunetix.
  • Practical experience with vulnerability management and threat modeling (STRIDE, PASTA).
  • Experience in launching or managing a bug bounty program.
  • Familiarity with penetration testing or collaboration with pentest teams.
  • Strong knowledge of OWASP standards (ASVS, WSTG, etc.) and SSDLC principles.
  • Expertise in API security (REST, GraphQL).
  • Ability to read and understand code in PHP, JS, Go, C#, and C++ (especially Unity for desktop/mobile).
  • Comprehensive understanding of application and infrastructure security.

Nice to Have

  • Security certifications such as OSCP, GWEB, CSSLP.
  • Experience with Unity/game engine security.
  • Familiarity with cloud security (AWS, AliCloud).
  • Knowledge of integrating security checks into CI/CD pipelines (GitHub Actions).
  • Experience in building a Security Champions program.

This is a fully remote position, and candidates must be permanently residing and authorized to work in Germany, France, or the United Kingdom.

Required skills

  • Software Development
  • JS
  • OWASP
  • AWS
  • Unity
  • GitHub
  • CI/CD Pipelines
  • GraphQL
  • DevOps
  • API
  • SDLC
  • PHP

English level

Fluent
