PandaDoc
Application Security Engineer
Vaga remota de Application Security com fit claro de localização do candidato.
Publicada13 de jul. de 2026
Países elegíveis2 países aceitos
Sinal de senioridadeMiddle
Modelo de trabalhoRemoto
Locais aceitos para candidatos
UcrâniaEstados Unidos
Resumo da vaga
Application Security Engineer
Requisitos e responsabilidades
Conteúdo da vaga extraído em seções para revisão mais rápida.
In this role, you will:
- Review, test, and monitor our applications to identify security weaknesses
- Manage vulnerabilities from discovery through remediation, working directly with engineering teams to resolve them
- Respond to infrastructure security alerts and perform hardening, including reviewing roles and permissions across services and APIs
- Participate in incident response and root cause analysis
- Analyze and monitor relevant security threats and prevention measures based on industry trends and standards
- Partner with product, development, and infrastructure teams to embed security requirements into how they build
- Integrate and operate automated security testing across the development lifecycle, including SAST, DAST, SCA, secrets detection, container, and supply chain security
- Develop security automation and tooling to scale security across engineering
- Drive threat modeling and secure-by-design practices across our services
- Assess our overall security posture and identify risks, providing recommendations to strengthen it
- Assist in addressing emergent threats in AI security as PandaDoc deploys AI in its product and for internal use
Our stack:
- Service-oriented architecture
- Main development stacks: Java/Spring, Python/Django, JavaScript/React
- Docker, Kubernetes
- Amazon Web Services: EKS, RDS, S3, ElastiCache, etc.
- Monitoring stack: Grafana, Loki, Tempo, Mimir
- Source control & CI/CD: GitHub / GitHub Actions
- A combination of AWS native and 3rd party security solutions for infrastructure and application security (WAF, CNAPP, SCA/SAST, DAST, IDS/IPS, etc.)
About you:
- 3+ years of experience with application security tools such as SAST/SCA, DAST, WAF, CI/CD security, and penetration testing
- 2+ years of cloud security experience implementing security controls and best practices in AWS, GCP, or Microsoft Azure
- Strong background in web application security, including common vulnerability classes (OWASP Top 10, CWE Top 25), attack vectors, and mitigations
- Good understanding of access control and identity management principles (SAML 2.0, OAuth, OIDC, JWT, etc.)
- Practical skills building security automation and tooling with Python, Bash, or equivalent languages
- Experience implementing DevSecOps practices across the SDLC
- Familiarity with containerized, Kubernetes-based environments and their security
- Solid interpersonal, written, and verbal communication skills
- Upper-Intermediate English level (B2+)
Benefits:
- A competitive salary. If you are located in Poland, the salary range is 222000 to 334000 PLN annually.
- An honest, open culture that emphasizes feedback and promotes professional and personal development
- An opportunity to work from anywhere — our team is distributed worldwide, from Lisbon to Manila, from Florida to California
- 6 self care days
- And much more!
Vagas similares
Mantenha uma lista reserva.
Stack
Use estas tags para comparar vagas remotas similares.
Elegibilidade de localização
Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.
Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.
Fluxo de contratação
O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.
1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.