Application Security Engineer

Job Description

Company Description

Devexperts has been working for nearly two decades consulting and developing for the financial industry. We solve complex technological challenges facing the most well-respected financial institutions worldwide.

By becoming a part of Devexperts, you’ll become a part of a company that fosters self-improvement and actively seeks out-of-the-box ideas. Our teams work together to create the next generation of financial software solutions. We welcome all candidates who believe, as we do, that innovation is grounded in education.

Job Description

We are looking for an Application Security Engineer to join the Information Security Team.

The Application Security Engineer will work closely with software development teams, product owners, and stakeholders to design, implement, and maintain robust security practices throughout the software development lifecycle (SDLC). The Application Security Engineer will be responsible for identifying and mitigating security vulnerabilities within applications, systems, and APIs, ensuring secure coding practices, and helping to maintain compliance with relevant security standards such as OWASP Top 10, NIST, and ISO/IEC 27001.

This role will play a crucial part in strengthening the organization’s security posture, promoting security best practices, and ensuring the safety and integrity of the company’s software applications.

We expect the Application Security Engineer to:

  • Conduct regular security assessments of applications, including code reviews, static/dynamic analysis, and penetration testing.
  • Collaborate with development teams to design and implement security controls and integrate security into the software development lifecycle (SDLC).
  • Lead and participate in the identification and remediation of security vulnerabilities in applications, APIs, and third-party services.
  • Provide security guidance on secure coding practices, threat modeling, and vulnerability management to development teams.
  • Implement and enforce security best practices for secure coding, API security, and encryption across application architectures.
  • Stay up-to-date with the latest security threats, vulnerabilities, and trends, applying relevant knowledge to mitigate risks in applications.
  • Develop and maintain automated security testing tools, frameworks, and processes for continuous security integration within CI/CD pipelines.
  • Support risk assessments and threat modeling for new and existing applications, helping to prioritize security remediation efforts.
  • Participate in incident response activities related to application security, providing expertise to investigate and remediate security breaches.
  • Create and deliver security training and awareness programs for developers to promote a culture of security within the development teams.
  • Support vulnerability management and remediation efforts, tracking and verifying the resolution of identified issues.
  • Ensure compliance with internal security standards and external regulatory requirements (e.g., GDPR, PCI-DSS, HIPAA).
  • Collaborate with cross-functional teams, including DevOps, infrastructure, and security operations, to ensure a cohesive approach to application security.

Qualifications

Required Skills and Experience:

  • Bachelor’s degree in Computer Science, Information Security, Software Engineering, or a related field.
  • Over 3 years of hands-on experience in application security, with a focus on securing web applications, APIs, and cloud-based environments.
  • Proficiency with application security tools such as static and dynamic analysis (SAST, DAST), vulnerability scanners, and penetration testing tools.
  • Knowledge of secure coding practices and frameworks (OWASP, NIST, etc.) and experience applying them to real-world software development.
  • Familiarity with common vulnerabilities (e.g., OWASP Top 10) and mitigation strategies.
  • Experience with source code analysis, including manual and automated code reviews, security testing, and debugging.
  • Experience working in a DevOps or Agile development environment, including integration of security practices into CI/CD pipelines.
  • Understanding of web application security, including session management, access control, and authentication mechanisms.
  • Proficiency in at least one programming language (e.g., Python, Java, JavaScript, Ruby) and the ability to read and understand code.
  • Strong knowledge of networking concepts, HTTP/HTTPS protocols, web servers, and security protocols (TLS, SSL, etc.).
  • Excellent problem-solving and analytical skills, with the ability to think like an attacker and identify security weaknesses in applications.
  • Strong communication skills, with the ability to collaborate effectively with technical and non-technical stakeholders.

Preferred Qualifications:

  • Certifications such as CEH, CSSLP, GWAPT, CASE, OSWE or other relevant cybersecurity certifications.
  • Experience with cloud platforms (AWS, Azure, GCP) and security best practices for cloud-native applications.
  • Familiarity with threat modeling techniques and tools (e.g., OWASP Threat Dragon, Microsoft SDL).
  • Experience with CI/CD and DevSecOps processes and tools.
  • Knowledge of container security (Docker, Kubernetes) and microservices architecture.
  • Experience with application security tools such as SonarQube or Veracode for static and dynamic analysis.

Additional Information

Care for the employees is one of Devexperts’ core values. For the suggested position, we offer a benefits package that will guarantee the comfort of our new teammate.

Flexibility benefits:

  • Possibility of hybrid/remote work mode,
  • Flexible working hours.

Health and recreation benefits:

  • 20 days of paid vacation,
  • 5 days of fully paid additional wellness days,
  • Medical insurance – premium package,
  • Free MultiSport card.

Facility benefits:

  • Modern office with new equipment,
  • Panoramic view of Vitosha mountain,
  • PlayStation, Billiard, Relax zone and Gym,
  • Parking space/public transport card,
  • Free drinks and snacks.

Community benefits:

  • Teambuilding activities,
  • Corporate parties,
  • Football club,
  • Speakers’ club,
  • Free admission to corporate external events,
  • Possibility of joining conferences and professional fairs.

Professional training benefits:

  • English language courses,
  • Local language courses for foreign employees,
  • Unlimited access to self-learning platforms,
  • Certification opportunities,
  • Mentorship Program.

Social benefits:

  • Referral bonuses for specific roles,
  • Paid leave upon special events.