Resumo da vaga

Application Security Engineer

Requisitos e responsabilidades

Conteúdo da vaga extraído em seções para revisão mais rápida.

In this role, you will:

  • Review, test, and monitor our applications to identify security weaknesses
  • Manage vulnerabilities from discovery through remediation, working directly with engineering teams to resolve them
  • Respond to infrastructure security alerts and perform hardening, including reviewing roles and permissions across services and APIs
  • Participate in incident response and root cause analysis
  • Analyze and monitor relevant security threats and prevention measures based on industry trends and standards
  • Partner with product, development, and infrastructure teams to embed security requirements into how they build
  • Integrate and operate automated security testing across the development lifecycle, including SAST, DAST, SCA, secrets detection, container, and supply chain security
  • Develop security automation and tooling to scale security across engineering
  • Drive threat modeling and secure-by-design practices across our services
  • Assess our overall security posture and identify risks, providing recommendations to strengthen it
  • Assist in addressing emergent threats in AI security as PandaDoc deploys AI in its product and for internal use

Our stack:

  • Service-oriented architecture
  • Main development stacks: Java/Spring, Python/Django, JavaScript/React
  • Docker, Kubernetes
  • Amazon Web Services: EKS, RDS, S3, ElastiCache, etc.
  • Monitoring stack: Grafana, Loki, Tempo, Mimir
  • Source control & CI/CD: GitHub / GitHub Actions
  • A combination of AWS native and 3rd party security solutions for infrastructure and application security (WAF, CNAPP, SCA/SAST, DAST, IDS/IPS, etc.)

About you:

  • 3+ years of experience with application security tools such as SAST/SCA, DAST, WAF, CI/CD security, and penetration testing
  • 2+ years of cloud security experience implementing security controls and best practices in AWS, GCP, or Microsoft Azure
  • Strong background in web application security, including common vulnerability classes (OWASP Top 10, CWE Top 25), attack vectors, and mitigations
  • Good understanding of access control and identity management principles (SAML 2.0, OAuth, OIDC, JWT, etc.)
  • Practical skills building security automation and tooling with Python, Bash, or equivalent languages
  • Experience implementing DevSecOps practices across the SDLC
  • Familiarity with containerized, Kubernetes-based environments and their security
  • Solid interpersonal, written, and verbal communication skills
  • Upper-Intermediate English level (B2+)

Benefits:

  • A competitive salary. If you are located in Poland, the salary range is 222000 to 334000 PLN annually.
  • An honest, open culture that emphasizes feedback and promotes professional and personal development
  • An opportunity to work from anywhere — our team is distributed worldwide, from Lisbon to Manila, from Florida to California
  • 6 self care days
  • And much more!
Vagas similares

Mantenha uma lista reserva.

Ver stack
FocoApplication SecurityÁrea da vaga
Sinal de senioridadeMiddleNível do candidato
StackAWS, Azure, CI/CDSkills principais
Localização2 países aceitosElegibilidade

Stack

Use estas tags para comparar vagas remotas similares.

Elegibilidade de localização

Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.

Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.

Fluxo de contratação

O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.

1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.