Company Logo

Software Engineer

Netflix - 1d ago

Company Logo

Senior Software Engineer

Reddit - 4d ago

Information Security Engineer (Appsec)

AI Summary ✨

Requirements

  • 3+ years of hands-on experience in application security, penetration testing, or a related security engineering role
  • A solid understanding of common web, mobile, and API vulnerabilities (e.g., OWASP Top 10, CWE) and practical approaches to identify and remediate them
  • Experience conducting code reviews, design reviews, and threat modelling for modern application architectures
  • Familiarity with DevSecOps practices and integrating security tooling into CI/CD pipelines
  • Working knowledge of authentication, authorization, session management, and cryptographic best practices
  • Proficiency with security tools, such as Burp Suite, MobSF, Frida, or custom scripts, for dynamic and static analysis
  • A basic understanding of cloud security principles and experience working with GCP or AWS environments
  • Great communication skills with the ability to collaborate effectively with Engineering, Product, and DevOps teams
  • A proactive mindset with a passion for solving complex problems and driving secure engineering practices
  • The ability to work independently while also being a trusted team player in a fast-paced environment

Nice to Have

  • Experience participating in Red Team exercises, managing bug bounty programs, or contributing to open-source security tools or research

What You'll Be Doing

  • Performing security assessments on product designs, mobile apps (iOS/Android), web applications, and APIs
  • Participating in Red Team missions and threat-led testing scenarios to simulate real-world attacker behaviors and validate detection and response capabilities
  • Leading and conducting penetration testing across applications, infrastructure, and APIs, using a mix of manual techniques and automated tools
  • Managing and evolving our private bug bounty program, validating submissions, collaborating with researchers, and ensuring timely resolution of valid findings
  • Contributing to and influencing cloud security posture, identifying misconfigurations and working with DevOps to implement best practices across GCP and AWS
  • Partnering closely with engineering teams to embed security into the software development lifecycle, offering guidance on secure architecture and threat modeling
  • Developing and enforcing internal AppSec standards, policies, and practices aligned with OWASP, NIST, and industry benchmarks
  • Continuously researching and evaluating emerging threats, tools, and technologies to stay ahead of the evolving threat landscape
  • Contributing to internal security training sessions, knowledge sharing, and mentoring of junior team members
Apply here
Revolut logo

Revolut

Remote - Spain (Remote)

Experience: Senior
Posted: August 27, 2025
Aws
Gcp
security

Similar jobs

  • 4 months ago
    Still looking
    Remote
  • See all jobs in Spain