Application Security Engineer

Remote: Full Remote

Offer summary

Qualifications:

  • Strong understanding of modern software development and system architecture.
  • In-depth knowledge of application security principles, including OWASP Top 10 and common vulnerabilities.
  • Experience with integrating security into CI/CD pipelines and using security tools like SAST/DAST.
  • Excellent communication skills and a collaborative attitude to work with development teams.

Key responsibilities:

  • Create and maintain secure coding guidelines for development teams.
  • Advise on security best practices during application design and development.
  • Conduct security reviews of source code and architecture, providing actionable feedback.
  • Stay updated on security threats and lead training sessions on secure coding standards.

StormGeo http://www.stormgeo.com
501 - 1000 Employees

Job description

About StormGeo


Informed by nature, powered by technology


We are a leading technology provider enabling weather-sensitive companies to navigate operational challenges in dynamic environments and volatile markets. With nature and weather intelligence at our core, our technological innovations and human expertise transform data into actions that safeguard people, industries, and nature for a sustainable future. For us, it's about more than just business; it's a legacy we are proud to build.


StormGeo is a truly global company with innovative and passionate team members from all over the world, offering actionable insights that empower the decision-making of shipping, energy, and weather-sensitive companies worldwide 24/7/365.


Since 2021, StormGeo has been part of Alfa Laval. Our shared goal is to accelerate success for our customers, our people, and our planet. We strongly believe that curiosity is the spark behind great ideas – and great ideas drive progress.


About the Role


StormGeo is seeking a skilled Application Security Engineer to join our CISO team and play a critical role in embedding security into the software development process. As a Secure Software Development Engineer, you will guide and support development teams in integrating security best practices into the software lifecycle, following frameworks such as OWASP, DevSecOps, and relevant NIST guidelines.


In this senior-level role, you will not be responsible for writing production code yourself, but instead focus on advising teams, conducting security reviews, and ensuring that security is embedded at every stage of development. You will collaborate closely with developers to ensure that security is an integral part of the build process and continuously monitor the evolving threat landscape to propose new security measures.


This role requires extensive experience in both software development and application security, as well as a deep understanding of secure coding principles and frameworks. Senior or expert-level experience is preferred, but we are open to mid-level candidates with a strong interest in security and a willingness to grow into the role.


This position is open to candidates residing in a NATO country for security and cooperation reasons, with the flexibility to work remotely.


Main Responsibilities


  • Create, implement, and maintain secure coding guidelines and best practices for development teams across the organization.
  • Advise developers and architects during the design and development of new applications, ensuring security by design from the outset.
  • Conduct thorough security reviews of source code and architecture (both manually and using automated tools), providing feedback and recommending fixes to relevant teams.
  • Collaborate with DevOps and platform teams to integrate security controls into build and deployment processes (CI/CD), including setting up automated security scans.
  • Stay up-to-date with the latest vulnerabilities, threats, and tools in application security, proactively recommending improvements or updates to internal practices.
  • Develop and lead training sessions or workshops for developers on secure coding standards, OWASP Top 10, security tools, and related topics.
  • Assist with application security testing, interpreting results, and helping to prioritize and plan remediation efforts based on risk and impact.


Core Requirements


  • Strong understanding of modern software development, system architecture, and multiple programming languages (e.g., Java, C#, Python, C++). Ability to quickly adapt to new technology stacks.
  • In-depth knowledge of application security, including the OWASP Top 10, CWE Top 25, and common vulnerability categories, with methods to mitigate these risks.
  • Experience integrating security into CI/CD pipelines (DevSecOps), utilizing tools like SAST/DAST, dependency scanners, and container security measures.
  • Knowledge of secure design and architecture principles, such as threat modeling, least privilege, and secure design patterns.
  • Experience conducting code reviews and security audits of applications, providing actionable recommendations and guidance to developers.
  • Familiarity with relevant standards and frameworks for secure software development (e.g., NIST Secure Software Development Framework, ISO/IEC 27034).
  • Strong understanding of cryptography and identity management, enabling secure authentication and authorization solutions when needed.
  • Excellent communication skills, with the ability to clearly explain security concepts and vulnerabilities to developers.
  • Strong collaborative attitude, working closely with developers, testers, DevOps, and other stakeholders to foster a security-first development culture.
  • Analytical and detail-oriented, with the ability to identify root causes of vulnerabilities and navigate complex code bases.
  • Problem-solving mindset, focused on practical solutions that balance security with functionality and development speed.
  • A continuous learner who stays updated on new programming languages, frameworks, and evolving security threats.
  • Fluency in English, both written and spoken, for effective communication with international teams.


Preferred Certifications


  • CSSLP (Certified Secure Software Lifecycle Professional) or similar certifications that demonstrate expertise in secure software development are highly desirable.
  • Other relevant certifications in application security or ethical hacking, such as GIAC GWEB, GIAC GWAPT, or Offensive Security OSWE, will be considered a strong advantage, as they indicate practical experience with vulnerability analysis.
  • CISSP (Certified Information Systems Security Professional) is a plus, though the main focus will be on specialized application security expertise.


Company Offers


  • Smart, creative, and innovative environment, where you'll work alongside a talented and supportive team of professionals.
  • Hybrid Work Model.
  • International development opportunities to support your professional growth.
  • Additional benefits vary by location and may include subsidized lunch, gym memberships, commute compensation, and more. Specific details will be shared during the hiring process.



If you're a skilled Application Security Engineer with a passion for impactful decisions and working with a dynamic team, apply now to join StormGeo!

We value diverse perspectives and welcome candidates from all backgrounds and industries. StormGeo offers a stimulating international environment where we challenge, encourage, and support each other.

Get a glimpse of our culture and what it’s like to be part of our team by watching this short video: StormGeo.


How to Apply: To apply for the position, kindly utilize the provided application link. It's important to note that applications and CVs submitted via email will not be considered. We will be reaching out to suitable candidates continuously, so we encourage you to submit your application promptly if you are keenly interested.


Required profile

Spoken language(s):
English

Other Skills

  • Collaboration
  • Communication
  • Analytical Thinking
  • Problem Solving
