Who are we?

Our business is technology, food and retail. We are a young team that combines all resources with technology; Our goal is to provide an excellent e-commerce service to meet your needs. In short, you can call us Migros One. 😉

Today, as a team that holds the “Great Place To Work” certificate with the contributions of our employees we produce, learn and develop together. We rediscover our passion for our business every day and build Migros One culture together.

Our Culture

We are #ONE to create a better tomorrow for our community. Our way of working includes four core values that we strive to act:

1. Take accountability with passion

2. Drive innovation with curiosity

3. Make a difference for our customers

4. Create open communication

We live these values every day and create an environment where everyone enjoys working. Our business culture based on trust, openness and innovation has been recognized with our “Great Place To Work” certificate!

What Do We Do?

As Migros One; We spread happiness in being the pioneer of innovation in the field of food and retail technology with our brands Migros Sanal Market, Migros Hemen, Migros Extra, Migros Yemek, Macroonline, Tazedirekt, Mion and Petimo!

Our determination to find fast and effective solutions always keeps us one step ahead. Our team's passion and energy make their jobs enjoyable.

Thanks to our people-oriented approach, we aim to create a more comfortable and practical world for everyone by using them all. We constantly strive to provide the best experience to our consumers and employees!As Migros One team, we get excited with every member of our team creating his/her own career story!

If you would like to be a part of this visionary and tech-savvy e-commerce team, don’t wait! Make your application!

We are looking for Application Security Engineer who will be on our team.

What You'll Bring:

• Deep understanding of modern web and application architectures, technologies, and associated security concepts,
• Strong hands-on experience in web application and network penetration testing,
• 3+ years of experience with scripting (Python, Perl, PowerShell or equivalent),
• 3+ years of experience with cloud platforms such as AWS or GCP,
• Experience with SCM, CI/CD pipelines, SAST/DAST tools, and Secure SDLC processes,
• Experience with security testing tools such as Burp Suite, OWASP ZAP, Nessus, Netsparker, or Kali Linux toolsets,
• Basic understanding of network and web protocols (TCP/IP, UDP, HTTP/S, etc.),
• Strong practical knowledge of web application security best practices, including OWASP Top 10, MITRE CWE Top 25, NVD/CVSS scoring, and MITRE ATT&CK frameworks,
• Proven ability to work closely with software development teams,
• Knowledge of container security, DevSecOps principles, and cloud-native security practices.
• Ability to perform root cause analysis and deep technical investigation,
• Solid understanding of event/log analysis from sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, and firewalls,
• Relevant certifications (OSCP, CEH, or equivalent) are a plus.

What You'll Be Doing:

• Design and implement tooling and automation for application security processes (e.g., SAST/DAST integrations within CI/CD pipelines),
• Build, automate, and maintain security controls to proactively enforce security, risk, and compliance standards,
• Define, track, and improve cloud security metrics and KPIs,
• Create detection and prevention rules to mitigate threats and apply industry best practices,
• Collaborate closely with application development, DevOps, and infrastructure teams to secure web applications in modern cloud environments (Containers, Serverless, Microservices),
• Coordinate, track, and drive the remediation of identified vulnerabilities and control deficiencies across endpoints, networks, and applications.