Job Description
As an Application Security (AppSec) Engineer at Sardine, you will play a critical role in ensuring the security and integrity of our services. You will be a key security partner for our development teams, embedding security principles directly into the Software Development Lifecycle (SDLC). This is a hands-on role for a motivated individual who is passionate about proactively identifying and mitigating security risks, building secure systems, and fostering a strong security culture. You will be instrumental in protecting our company and our customers' data from emerging threats.
You will perform security code reviews, vulnerability assessments, and penetration tests on our web applications, mobile applications, and APIs. You'll integrate and manage security tools within our CI/CD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). You will lead and conduct threat modeling exercises for new features and services to identify potential security risks in the design phase. You will triage, validate, and prioritize vulnerabilities discovered through automated tools, manual testing, and external bug bounty programs.
You will collaborate with engineering and product teams to design secure solutions and provide expert guidance on remediation strategies for identified vulnerabilities. You will also develop and maintain security standards, best practices, and documentation for our development teams. You will manage security training to educate developers on secure coding practices and emerging threats, develop custom scripts and automation to enhance our security testing capabilities and streamline security operations, and assist in incident response activities related to application security events.
About Sardine
We are a leader in fraud prevention and AML compliance and use device intelligence, behavior biometrics, machine learning, and AI to stop fraud before it happens.