Key Facts

Remote From:

Turkey , Bulgaria , Germany , Italy , Serbia

Full time

Mid-level (2-5 years)

English

Hard Skills

Other Skills

•
Collaboration
•
Communication
•
Mentorship

Constructor Knowledge

Education

About Constructor Knowledge

Constructor Knowledge is a provider of education services, including traditional and online education programs and courses for people of all ages via its various affiliates. It provides advisory and strategic services to education institutions in the fields of student recruitment, communications, and marketing support. Its subsidiaries include Constructor Academy. The greater Constructor Knowledge ecosystem includes Constructor University in Bremen, Germany, and Constructor Institute in Schaffhausen, Switzerland. Constructor Knowledge is a part of Constructor Group, a global institution founded in 2019 by Dr. Serg Bell, a long-time tech and education entrepreneur and investor. Through its ecosystem, which includes a private university, research capacities, businesses, consulting services, and smart capital, it aims to cover the entire learning lifecycle and generate technology breakthroughs in five fundamental technology trends: machine intelligence, quantum technology, intelligent materials, hybrid reality, and life engineering.

Company type: SME

Industry: Education

Founded: 2018

Company size: 51 - 200

Website LinkedIn See all jobs →

Job description

We are seeking an Application Security Engineer with a strong background in web application security design, secure development practices, and vulnerability testing. This role also requires practical experience with Software Bill of Materials (SBOM) management and implementation, contributing to our secure SDLC and software supply chain risk reduction efforts.

Duties and Responsibilities:

Perform threat modeling, security architecture review, and design analysis for web applications and APIs.
Conduct manual and automated security testing during development and pre-release stages.
Design and implement security pipelines (including SAST and DAST) and integrate them into the SDLC process.
Implement and manage SBOM generation and consumption processes across the SDLC.
Collaborate with development teams to ensure timely remediation of identified vulnerabilities.
Maintain security guidance aligned with OWASP best practices and provide trainings for development teams.
Stay current with evolving application security threats, tools, and industry developments.

Qualifications and Experience:

3–5 years of experience in application security, with a focus on web applications and API security.
Good knowledge of at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go).
Experience with tools like OWASP ZAP, Burp Suite, Snyk, or similar.
Familiarity with secure coding, DevSecOps, and container security concepts.
Strong understanding of CVE, CVSS, and vulnerability disclosure workflows.
Excellent command of business English.
Preferred Qualifications:
Knowledge of SBOM standards (CycloneDX, SPDX) and experience integrating SBOM tooling into CI/CD pipelines.
Knowledge of software composition analysis (SCA) tools.