Application Security Engineer
This position is posted by Jobgether on behalf of a partner company. We are currently looking for an Application Security Engineer in the Netherlands.
This role sits at the intersection of software engineering and cybersecurity, focusing on strengthening the security posture of modern web and API-based applications in a fast-moving, product-driven environment. You will work closely with engineering, product, and security teams to identify vulnerabilities, validate security findings, and drive remediation efforts directly into production systems. The position combines hands-on technical security work with collaborative development practices, including code review and secure design discussions. You will play a key role in improving the secure development lifecycle by integrating security tooling and automation into CI/CD pipelines. This is an opportunity to actively shape how security is embedded across engineering teams, while contributing directly to product resilience and user trust. The environment is highly collaborative, remote-first, and built for engineers who enjoy solving real-world security challenges at scale.
Accountabilities:
- Own and manage bug bounty intake processes, including triaging reports, validating vulnerabilities, and reproducing proofs of concept.
- Collaborate with developers and product teams to design and implement effective remediation strategies for identified security issues.
- Contribute directly to codebases by reviewing and submitting pull requests to fix security vulnerabilities.
- Support validation of external penetration testing results and integrate findings into development backlogs.
- Participate in threat modeling, secure architecture discussions, and security-focused code reviews.
- Enhance Secure Development Lifecycle (SDL) practices, including SAST/DAST integration and security automation within CI/CD pipelines.
- Perform lightweight penetration testing on new features and releases when required.
- Maintain clear and structured documentation of application security processes and best practices.
- Facilitate communication between security, engineering, and product teams to ensure timely resolution of vulnerabilities.
Requirements:
- Previous experience as a software developer or application security engineer in modern web or backend environments.
- Hands-on experience in security testing through bug bounty programs, CTFs, or penetration testing activities.
- Strong understanding of common application security vulnerabilities (e.g., OWASP Top 10: SSRF, IDOR, XSS, etc.).
- Familiarity with security tools such as Burp Suite and SAST/DAST solutions (e.g., SonarQube, Snyk).
- Experience collaborating closely with engineering and product teams in Agile environments.
- Ability to analyze, reproduce, and resolve complex security issues with a “find and fix” mindset.
- Knowledge of secure coding practices for web and API-based applications.
- Exposure to CI/CD pipelines and DevOps tools is considered an advantage.
- Familiarity with infrastructure or security tools such as Terraform, Helm, or WAF solutions is a plus.
- Strong communication and problem-solving skills, with the ability to clearly explain technical security risks.
Benefits:
- Fully remote-first working model with flexibility and international collaboration.
- Opportunity to work in a diverse, multicultural environment with global teams.
- Strong focus on learning, growth, and professional development in cybersecurity.
- Access to learning budgets and remote work support benefits.
- Comprehensive health insurance coverage fully supported by the employer.
- Paid time off and additional remote-friendly perks to support work-life balance.
- Collaborative, feedback-driven culture that encourages innovation and ownership.
- Opportunity to contribute directly to product security at scale in a fast-growing tech environment.