Senior Application Security Engineer

About the Role:

• This role is part of the SRE and Cloud Security teams, blending proactive defense and inquisitive problem-solving.
• You will strengthen systems through rigorous security reviews, penetration testing, and managing the Bug Bounty program.
• Collaboration is key, embedding security throughout the SDLC and empowering engineering teams.

What You Will Do:

• Conduct threat modelling reviews of TDDs and provide actionable security recommendations early in the design process.
• Perform application security assessments, including penetration testing, vulnerability assessments, and PoC development.
• Investigate and respond to Bug Bounty submissions, validating findings and driving remediation.
• Own and improve application-layer protections, including managing Cloudflare WAF.
• Partner with engineering teams to embed security best practices throughout the SDLC.
• Research emerging threats and develop mitigation strategies.
• Deliver security guidance and training to raise security maturity.
• Participate in and eventually lead incident response activities.

About You:

• You have breadth across web, mobile, infrastructure, and cloud security domains.
• You have hands-on experience with white-box penetration testing and source code review.
• You understand Threat Modelling and its application to SDLC.
• You are self-motivated and collaborative, thriving in a remote environment.

Benefits & Perks:

• Competitive salary package and equity package.
• Unlimited holidays and hybrid working schedule.
• Private healthcare and enhanced parental leave.
• Annual training budget and home office setup allowance.