Constructor Knowledge - Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey)

Bulgaria, Sofia1w ago

In Office Mid EMEA Application Security Engineer C#Go Python JavaScript Performance Reviews

Upload My Resume

Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT

Apply in One Click

Requirements

• 3–5 years of experience in application security, with a focus on web applications and API security. • Good knowledge of at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go). • Experience with tools like OWASP ZAP, Burp Suite, Snyk, or similar. • Familiarity with secure coding, DevSecOps, and container security concepts. • Strong understanding of CVE, CVSS, and vulnerability disclosure workflows. • Excellent command of business English. • Preferred Qualifications: • Knowledge of SBOM standards (CycloneDX, SPDX) and experience integrating SBOM tooling into CI/CD pipelines. • Knowledge of software composition analysis (SCA) tools.

Responsibilities

• Perform threat modeling, security architecture review, and design analysis for web applications and APIs. • Conduct manual and automated security testing during development and pre-release stages. • Design and implement security pipelines (including SAST and DAST) and integrate them into the SDLC process. • Implement and manage SBOM generation and consumption processes across the SDLC. • Collaborate with development teams to ensure timely remediation of identified vulnerabilities. • Maintain security guidance aligned with OWASP best practices and provide trainings for development teams. • Stay current with evolving application security threats, tools, and industry developments.