Get ready to take your place on n11, an open market platform that has made valuable contributions to the e-commerce sector since its establishment by bringing more than 330 thousand registered business partners to customers.
We are looking for a "Senior Application Security Engineer" to join our team in the Technology/Infrastructure Department.
Who you are
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field - or equivalent practical experience.
- 5+ years of professional experience in a computer technology field, including IT, technical support, or engineering.
- Proficient in coding with at least one programming language (e.g., Java, Golang) and scripting languages like Bash or Python.
- Hands-on experience with application security practices including code review, threat modeling, static and dynamic analysis (SAST, DAST, SCA), and attack surface analysis.
- Experience in Application Penetration Testing, Vulnerability Research, or Bug Bounty Hunting.
- Strong understanding of the Secure Software Development Lifecycle (SSDLC), with a focus on shifting security left - embedding security into early development stages to identify and mitigate vulnerabilities before they reach production.
- Deep familiarity with OWASP standards and best practices, particularly the OWASP Top 10 vulnerabilities, and experience applying them to secure web applications and services.
- Experience with web security concepts such as secure authentication, session management, Server Side Request Forgery (SSRF), SQL injection, and other common web vulnerabilities.
- Familiarity with mobile-specific security frameworks and tools (e.g., OWASP Mobile Top 10, MobSF, Frida) for testing and securing mobile apps.
- Certifications in relevant security domains (e.g., OSWE, GWAPT, OSCP) are a plus.
- Cloud and container security experience is a plus.
- A strong bug bounty profile with demonstrated experience in discovering and responsibly disclosing vulnerabilities is also a plus.
- Proven ability to solve complex security challenges, develop risk-based solutions, and effectively balance security requirements with engineering goals, while influencing stakeholders with diverse perspectives on security.
What you'll do
- Penetration Testing & Vulnerability Assessments: Test web apps, infrastructure, and cloud environments for vulnerabilities using manual and automated techniques. Develop custom tools and scripts to improve testing in CI/CD pipelines.
- Vulnerability Management & Remediation: Work with teams to analyze vulnerabilities, create remediation plans, and enhance security in development and production using DAST, SAST, Internal Network Security and SCA tools.
- Security Communication & Reporting: Present findings and remediation steps to both technical and non-technical stakeholders.
- Automation Scripting: Collaborate with teams to understand security requirements and develop automation scripts that provide valuable security insights.
- Attack Surface Management: Oversee and optimize the attack surface by analyzing logs, identifying vulnerabilities, and developing tools to enhance efficiency and improve proactive security measures. Focus on reducing exposure and strengthening overall defense mechanisms.
- Collaboration with Cross-Functional Teams: Work closely with DevOps, QA, product management, and other departments to integrate security seamlessly into the development and deployment processes. Advocate for security as a shared responsibility across teams.
- Continuous Improvement: Stay up-to-date with the latest trends, tools, and techniques in application security. Promote a culture of continuous improvement by identifying areas for further optimization and driving the adoption of best practices.
- Utilizing WAF for Web Application Security: Leverage Web Application Firewalls (WAF) to protect applications by filtering malicious traffic, minimizing risks, and enhancing security through real-time threat detection, customized rule sets, and continuous monitoring.
- On-Call Rotation Alert/Incident Management and dark web/threat intelligence tracking.
As n11, we care about your Personal Data Security. Please find the Personal Data Protection Information Notice from the link below.
https://n11scdn.akamaized.net/custom/upload/51/79/2889579912657586679.pdf

