Application Security Engineer.

The Role

We are looking for an Application Security Engineer to harden our clients' digital infrastructure from the inside out. You will lead pentesting engagements, vulnerability analysis, and compliance auditing across web applications, APIs, and cloud-native architectures serving enterprise fintech and e-commerce platforms.

Responsibilities

• Conduct penetration testing and security assessments on web applications, REST/GraphQL APIs, and microservices.
• Perform vulnerability analysis using tools such as Burp Suite, OWASP ZAP, Nessus, and custom scripts.
• Implement and enforce API security best practices including OAuth 2.0 flows, rate limiting, input validation, and CORS policies.
• Design and execute SQL injection testing, XSS, CSRF, and SSRF attack simulations against production-grade systems.
• Build and maintain automated vulnerability scanning pipelines integrated into CI/CD workflows.
• Ensure compliance with GDPR, PCI-DSS, and SOC 2 frameworks across client engagements.

Requirements

• 5+ years of experience in application security, penetration testing, or security engineering.
• Deep knowledge of OWASP Top 10 and practical experience exploiting and remediating each category.
• Proficiency with security tooling: Burp Suite Pro, Nessus, Semgrep, or equivalent scanners.
• Experience securing cloud-native environments (AWS, GCP, or Azure).
• Relevant certifications (OSCP, CEH, GPEN) are a strong advantage.
• C1/C2 English proficiency.