Evolveum

Application Security Engineer

EMEA

Remote

Intermediate

posted 12 days ago

About Evolveum

Evolveum is the EU-based company behind midPoint, the leading open source complete IGA suite recognized by Gartner and KuppingerCole. MidPoint gives organizations control, visibility, and efficiency to reduce identity risk, simplify compliance, and modernize identity operations. Trusted globally by a community of customers, partners, and other midPoint enthusiasts, it delivers secure IGA with transparency and professional support.

The lively global community of subscribers, contributors, integrators, and other enthusiasts values Evolveum’s attitude toward open source and the transparency that comes with it. Moreover, the synergy between Evolveum’s subscriptions and the services provided by partners in more than 45 countries enables customers to get the most out of their IGA journey.

Get involved and join the midPoint community today!

The Role

Are you a skilled Application Security Engineer with a hacker’s mindset and a passion for development? Evolveum is seeking a fully remote Application Security Engineer to enhance the security of our leading open-source Identity Governance and Administration (IGA) platform.

In this role, you will integrate and maintain security testing tools (SAST/DAST, SCA, IaC) within our CI/CD pipelines. You will conduct vulnerability scans, perform internal penetration tests on applications and APIs, and prioritize identified risks. Additionally, you will analyze security reports and vulnerability disclosures from our customers and the open-source community, conduct security-focused code reviews, and collaborate with our Java and Python developers to implement secure fixes. You will also work alongside our Security Architect and CPO on threat modeling and risk assessments, enhance our team's security posture through developer training based on bug bounty findings, and support incident response by analyzing threats and proposing solutions.

Responsibilities

  • Integrate security testing tools into CI/CD pipelines and maintain them.
  • Conduct vulnerability scanning and internal penetration tests on applications/APIs.
  • Analyze security reports and vulnerability disclosures from customers and the open-source community.
  • Perform security-focused code reviews and collaborate with developers on secure fixes.
  • Partner with Security Architect and CPO on threat modeling and risk assessments.
  • Deliver developer training based on bug bounty findings and real-world exploits.
  • Support incident response by analyzing threats and preparing public vulnerability disclosures.

Requirements

  • Proven experience in application security, penetration testing, or red teaming.
  • Strong understanding of OWASP Top 10 and common vulnerabilities (SQLi, XSS, CSRF, RCE).
  • Solid software development background, particularly in Java.
  • Good communication skills to explain security issues to technical and non-technical colleagues.

Nice to Have

  • Experience managing Bug Bounty programs (e.g., HackerOne) or vulnerability disclosures.
  • Background in product development or the Identity/Access Management (IAM/IGA) space.

What We Offer

  • Competitive salary starting from 3000 EUR/month, depending on experience.
  • Fully remote work opportunity, preferably within EMEA time zones (CZ/SK).
  • A passionate and dedicated team within a globally recognized EU-based organization, combining the benefits of open-source with financial stability.

Join us in securing the future of open-source identity by clicking the Easy Apply button!

Required skills

Software Development

Python

Product Development

OWASP

Java

CI/CD Pipelines

English level

Professional
