AppSec - DevSecOps Engineer

About the Team

At Trendyol Tech, our mission is to create a positive impact in our ecosystem by enabling commerce through technology.

We solve complex problems with data, creativity, and agility — always driven by real outcomes. With a culture built on learning, collaboration, and ownership, we grow together while building what’s next.

About the Role

As an Application Security Engineer, you'll be a vital part of our team, responsible for building security directly into our software development lifecycle. This role involves more than just finding vulnerabilities; you'll be a key partner to both our Development and DevOps teams, helping to implement robust security controls from code creation to deployment. You'll leverage your expertise in modern security tools, automation, and best practices to ensure our applications are secure and resilient.

Responsibilities

• Collaborate with the Development and DevOps teams to implement security controls in the SDLC (Software Development Life Cycle) and Software Supply Chain
• Secure Coding Development, Threat Modelling, Security Tool Management in CI/CD (SAST, DAST, SCA, IaC, CS, ASO, IAST, etc.), CI/CD Posture Security, Dependency Management, etc.
• Collaborate with the DevOps team to implement security best practice on container, Kubernetes and cloud environment
• Secure Container Images, Container Orchestration Policy Management, Mesh, Vault, Git etc.
• Develop tools/scripts for repeatable application security task
• Discovering web application assests and scanning periodically
• Community contribution like developing tools, finding vulnerabilities on public projects, etc.

Expected Qualifications

• Being an agile minded team player
• Eagerness on self-improvement, open-minded, future-oriented
• Knowledge of the following: OWASP TOP 10 K8S, OWASP TOP 10 CI/CD, OWASP TOP 10 and OWASP ASVS
• Technical Knowledge of following Secure SDLC practices and execution: Secure Coding Educations, Security Tool Integration CI/CD(like SAST, SCA, IaC, IAST, ASO, CS), Threat Modelling, etc.
• Technical Knowledge of Software Supply Chain Security concept and requirements: Dependency Management, CI/CD Posture Security, etc.
• Technical Knowledge of container, container orchestration platforms and common cloud technologies: Preparation of Vulnerability-Free Container Images, Image Signing, Kubernetes Policy Management, CNAPP, GitOps etc.
• Development experience for repeatable tasks with any popular language go, python, bash, etc.
• Technical Knowledge of understanding vulnerability risks & remediations

What We Offer

- Hybrid working model with flexibility: a schedule that helps you find the right balance between flexibility and team bonding, including work-from-abroad opportunities and a summer working model.

- Customisable FlexBenefits budget: Adjust your daily meal allowance, choose your health insurance package (and extend it to your spouse or children), and pick from additional benefits like fuel support or Trendyol shopping credits.

- Well-being support: Access to location-based in-house doctors, as well as psychologist and dietitian support, and HPV vaccination provision.

- Personalised training allowance and learning opportunities: Use your annual budget for any training or conference of your choice, explore our Learning Management System (LMS) anytime, and join in-person learning sessions offered throughout the year.

- Responsibility from day one: Take full ownership from the start in a culture where every voice is heard and valued.

- A diverse, international team: Collaborate with global peers across our offices in Berlin, Amsterdam, Dubai, and beyond, in a startup-spirited and collaborative environment.

- Opportunities to grow with the best: Tackle meaningful challenges, develop through hands-on experience, and grow with the support of expert guidance and global mentoring.

- Meaningful connections beyond tasks: Be part of team rituals, events, and social activities that help us stay connected and inspired.

Take the Next Step

If this role excites you, apply today, we look forward to taking the next step with you.

Want to get to know the team better first? Explore our Career Website, LinkedIn, or YouTube to learn more about #LifeatTrendyol and how we work.