Application Security Engineer

Security | Minsk | Vilnius | Amsterdam

Primary Responsibilities

  • Regularly review and monitor security across all applications, APIs, mobile systems (including penetration testing, vulnerability scanning, etc.)
  • Champion security awareness of Flo's best practices across all Engineering teams while implementing regular training specific to web apps.
  • Discuss security requirements with product teams, participate in the vulnerability disclosure program, and create security checks for pipelines
  • Vendor security assessments (Automated via OneTrust)
  • Managing security risks effectively and responding quickly in the event of a breach
  • Developing POC exploitation scripts for known vulnerabilities (this doesn't need to be at an advanced level)
  • Familiarity with MITRE Top 25, CVSS & OWASP frameworks
  • Ability to write remediation steps for vulnerabilities & weaknesses
  • Experience with SAST and DAST tools
  • Demonstrable experience triaging vulnerabilities with engineering teams

Required Skills & Abilities

  • 3+ years of experience within Application Security (iOS & Android).
  • Manage, maintain, and enhance the configuration of application security toolsets including static code analysis, open-source component analysis, and container analysis.
  • English (B2+)
  • Working knowledge of software security tools, including Snyk, Burp Suite, Kali Linux, Metasploit, etc.
  • Excellent written and verbal communication skills.
  • Must be able to use Jira and Confluence.

Preferred skills

  • Applicable STEM or Cyber Security degree
  • Industry certifications: OSCP, CEH, eWPT, CEPT, CMWAPT