Application Security Engineer

Summary

The IT company Andersen invites Application Security Engineer to join our team and contribute to the development of our company while maintaining its unique culture and atmosphere.

Andersen is a European pre-IPO software development company uniting over 3,500 top-class professionals: developers, architects, testers, analysts, and other specialists. Operating in the market since 2007, we have developed 1,000+ outstanding projects for the Financial sector, Healthcare, Logistics, Travel and Hospitality, Telecom, Automotive industry, etc.

Responsibilities

• Leading secure development initiatives, integrating security into the SDLC through threat modeling, secure code reviews, and CI/CD pipeline security controls (SAST/DAST/SCA).
• Overseeing penetration testing engagements, coordinating internal red team exercises and external assessments to identify vulnerabilities in web/mobile apps, APIs, and cloud services.
• Mentoring junior AppSec engineers and developers, providing training on secure coding practices (OWASP Top 10, SANS 25) and remediation guidance for critical flaws.
• Defining and enforcing security standards, ensuring compliance with industry frameworks (NIST SSDF, ISO 27034) while balancing business agility and risk tolerance.

Requirements

• Experience in Application Security, penetration testing, or DevSecOps, combining strong technical expertise with team leadership skills for 5+ years.
• Possession of advanced offensive security certifications such as OSCP, OSWE, or GWAPT, along with secure coding credentials like CSSLP or CASE.
• A degree in Computer Science, Cybersecurity, or Software Engineering. A background in software development is highly valued.
• Strong advocate of shift-left security, with hands-on experience integrating tools like Semgrep, SonarQube, and Checkmarx into CI/CD pipelines.
• Experience leading purple team exercises in collaboration with developers to simulate real-world attacks (e.g., API abuse, SSRF) and improve secure coding practices.
• Deep understanding of cloud-native AppSec, including securing serverless applications, containers (Kubernetes), and Infrastructure as Code (Terraform) against misconfigurations and supply chain threats.
• Ability to communicate technical risks to executive stakeholders, translating them into business impact to support security investment decisions.
• Active participation in bug bounty platforms (e.g., HackerOne, Bugcrowd), CTF competitions, and ongoing research into emerging threats such as AI-generated code vulnerabilities and WebAssembly security.
• A hybrid hacker-developer mindset: capable of exploiting vulnerabilities (e.g., using Burp Suite) and reviewing pull requests for security anti-patterns.
• Level of English – from Upper- Intermediate+ and above.

Reasons to join us

• Experience in teamwork with leaders in FinTech, Healthcare, Retail, Telecom, and others. Andersen cooperates with such businesses as Samsung, Siemens, Johnson & Johnson, BNP Paribas, Ryanair, Mercedes, TUI, Verivox, Allianz, T-Systems, etc..
• The opportunity to change the project and/or develop expertise in an interesting business domain.
• Job conditions – you can work both fully remotely and from the office or can choose a hybrid variant.
• Guarantee of professional, financial, and career growth! The company has introduced systems of mentoring and adaptation for each new employee.
• The opportunity to earn up to an additional 1,000 EUR per month, depending on the level of expertise, which will be included in the annual bonus, by participating in the company's activities.
• Access to the corporate training portal, where the entire knowledge base of the company is collected and which is constantly updated.
• Bright corporate life (parties / pizza days / PlayStation / fruits / coffee / snacks / movies).
• Certification compensation (AWS, PMP, etc).
• Referral program.
• English courses.
• Private health insurance and compensation for sports activities.

Join us!