Application Security Engineer

We are looking for a hands-on Application Security Engineer to strengthen security across our software lifecycle and integrate vulnerability mitigations into real life healthcare HA software environment.

You will work closely with IT Development and Applications Team and also with the Infrastructure Team to integrate security into CI/CD pipelines, perform application security reviews, and remediate vulnerabilities directly at code or configuration level. You will receive priority list to work on from the Cybersecurity Team.

This is a technical, practitioner role: you will analyze vulnerabilities, fix issues in applications, and help development teams build secure software by design.

If you enjoy working at the intersection of security, engineering, and DevOps, this role is for you.

You will be in charge of taking action after triage to remediate application vulnerabilities (SAST/DAST/SCA findings - coming either from already existing tools or processes for the most part, or you will be in charge of implementing some of the tools to detect vulnerabilities).

You will also perform secure code reviews and architecture security assessments.

In order you will:

• Resolve vulnerability issues and conflicts related to application code, libraries and dependencies
• Help reduce technical debt and improve overall application security maturity through contributions to decision making process on vulnerability remediation and clarify options
• reduce technical debt and improve overall application security maturity
• Integrate security tooling into CI/CD pipelines (DevSecOps)
• Support development teams with secure coding practices
• Participate in threat modeling and security design reviews
  
  
  

You will focus on application security - however you will need to closely cooperate with your counterpart security engineers in charge of patch and vulnerability treatment at OS level.

What You'll Work With:

• Modern CI/CD pipelines (GitLab, DevOps Kubernetes/Docker)
• SAST / DAST / SCA tools (e.g. Qualys, Pentest reports, etc.)
• Enterprise application stacks (Java, JavaScript/Node.js, TypeScript, Angular or similar et possible .NET, Python)
• Local DC environment
• OWASP Top 10 and secure coding frameworks
  
  
  

You need to have:

• Strong software engineering background (you can read and modify production code)
• Experience in application security or secure software development
• Solid understanding of OWASP Top 10 and common application vulnerabilities
• Hands-on experience with vulnerability remediation at code land configuration level
• Familiarity with CI/CD pipelines and DevSecOps practices
• Ability to analyze scanner findings and distinguish real issues from false positives
• Comfortable working with developers and security teams in a HA environment
  
  
  

Nice to have:

• Experience with threat modeling
• Knowledge of cloud security
• Exposure to vulnerability management processes
  
  
  

Working Schedule:

We are offering full-time positions working on-premise. Once mutual confidence levels are established, a maximum of 2 days per week of remote working can be authorized.