Key Facts

Remote From:

Cyprus , Bulgaria , Poland , Malta , Serbia , Georgia (USA)

Category: Security Engineer

Full time

Senior (5-10 years)

English

Hard Skills

Threat Modeling Automated Testing Framework Application Security Vulnerability Management Session Manager SubSystems Software Security Scripting Http Protocols Secure Coding Security Implementation +14 more

Other Skills

•
Communication
•
Teamwork
•
Consulting
•
Problem Solving

Roles & Responsibilities

1.5+ years of experience in application security, software development, or related technical roles
Strong knowledge of web fundamentals (HTTP/HTTPS, cookies, session management) and web application security controls (SOP, CORS, CSP) as well as OWASP Top 10
Hands-on experience with manual security assessments and secure code reviews, and secure-by-design principles
University degree in Computer Science, Information Security, or a related field (or equivalent practical experience) with proficient English communication

Requirements:

Partner with product teams during design phase to facilitate threat modeling and risk assessment sessions
Perform in-depth manual code reviews on critical applications to identify logical vulnerabilities as part of white-box security assessments
Triage vulnerabilities from bug bounty programs, collaborating with external researchers and internal engineering teams to resolve discovered flaws
Collaborate with Dev/QA teams throughout the development lifecycle to enhance the application's security posture by providing dedicated security consulting and actionable guidance

SOFTSWISS

Computer Software / SaaS

About SOFTSWISS

SOFTSWISS is an international company and a widely-acclaimed iGaming expert. We were the very first online gambling software company to start working with cryptocurrencies. SOFTSWISS appeared in July 2009 in Minsk, Belarus. Today SOFTSWISS is a recognised industry leader in iGaming software solutions development. The company has an international team, which counts 1,400+ employees and has an official presence in Poland, Malta, Georgia, and Belarus. To date, the SOFTSWISS client network counts more than 500 iGaming brands. Projects powered by SOFTSWISS receive numerous awards and accolades from industry media. SOFTSWISS steadily enhances the products portfolio with continuous innovations and increases the quality of its services, providing customers with first-class industry solutions. Our values: - High-end solutions based on reliability, security and honesty - Expertise of a professional team with over 10 years of iGaming background - Innovative approach to product development and business processes Our Products: - Sportsbook Platform - Online Casino Platform - Game Aggregator - Jackpot Aggregator - Affilka (Affiliate Platform) - Managed Services Our Services: - First Line Player Support - Player Retention - Player Reactivation - VIP Player Support - Anti-fraud support Our solutions: - Crypto Casino Solution - White Label Casino Solution - Turnkey Casino Solution White Label solutions: - Operating under the SOFTSWISS gambling licences - Ready-to-use payment processing options - SOFTSWISS merchant accounts Why Us? - Over 10 years helping our clients to succeed in the industry - Focus on software security and stability - Top client service based on the client needs - Best industry professionals - Agile methodology at all levels - Cutting-edge innovations - Wide geographical presence Website: www.softswiss.com Email: order@softswiss.com SOFTSWISS. Winning Combination

Company type: Large

Industry: Computer Software / SaaS

Founded: 2018

Company size: 1001 - 5000

Website LinkedIn See all jobs →

Job description

Overview:

SOFTSWISS is growing, and we are seeking a skilled Application Security Engineer to join our team. If you are driven by excellence and share our values, we would love to hear from you.

Purpose of the role:

Our goal is to make sure that we deploy secure software to production without unnecessary bottlenecks, that applications are properly hardened, and security vulnerabilities, once discovered, are fixed by the developers.

As an Application Security Engineer, you will play a crucial role in ensuring the security of our applications throughout the entire software development lifecycle (SDLC). You will partner closely with the product teams to identify, analyze, and mitigate security vulnerabilities, contributing to the creation of trustworthy and robust products.

Key responsibilities:

Partner with product teams during the design phase to facilitate threat modeling and risk assessment sessions.
Perform in-depth manual code reviews on critical applications to identify logical vulnerabilities as part of white-box security assessments.
Tune and adjust rulesets for automated security scanning tools to reduce false positives and improve detection rates.
Develop scripts and automation tools to streamline workflows and free up time for more complex analysis.
Assist developers in understanding security risks and threats discovered during risk assessments, threat modeling, and dynamic testing.
Triage vulnerabilities from the bug bounty program, collaborating with external researchers and internal engineering teams to resolve discovered flaws.
Collaborate with Dev/QA teams throughout the development lifecycle to enhance the application's security posture by providing dedicated security consulting, continuous knowledge sharing, and actionable guidance.
Develop and maintain the internal security knowledge base, including comprehensive secure coding guidelines and technical manuals for standard security features.

Required Experience:

1.5+ years of experience in application security, software development, or related technical roles.
Solid understanding of web fundamentals (e.g., HTTP/HTTPS protocols, cookie storage mechanisms, and session management).
Knowledge of web application security mechanisms and controls (e.g., SOP, CORS, CSP).
Comprehensive understanding of common web vulnerabilities (e.g., OWASP Top 10) and their practical mitigation strategies.
Knowledge of secure system and application architecture alongside secure-by-design principles.
Practical, hands-on expertise in identifying vulnerabilities through manual security assessments and secure code reviews.
Ability to clearly articulate and explain the business impact of identified threats and vulnerabilities to developers and product teams.
A strong security-first mindset with a continuous drive to learn and achieve excellence in the cybersecurity field.
University degree in Computer Science, Information Security, or a related field (or an equivalent combination of education and practical experience).
Intermediate or higher proficiency in English (B2 level or above) for effective technical communication.

Nice to have:

Passion about programming.
Technical knowledge of network and operating systems security.
Hands-on DevSecOps experience.
Practice of participation in bug bounty programs and/or CTFs.
Knowledge of SAST/DAST tools, including customization.
Relevant certifications (i.e., BSCP, eWPT, etc.).

Our Benefits:

Full-time remote work opportunities and flexible working hours
Private insurance
Additional 1 Day Off per calendar year
Sports program compensation
Comprehensive Mental Health Programm
Free online English lessons with a native speaker
Generous referral program
Training, internal workshops, and participation in international professional conferences and corporate events.