Application Security - Vulnerability Discovery
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for an Application Security - Vulnerability Discovery based in Portugal.
This role focuses on strengthening application security by identifying, analyzing, and reducing vulnerabilities across modern software environments.
You will collaborate with engineering and product teams to improve security practices throughout the software development lifecycle.
The position combines vulnerability management, secure coding expertise, automation, and security research to protect critical applications.
You will play a key role in validating security findings, guiding remediation efforts, and improving security processes at scale.
The ideal candidate will bring strong technical skills, a proactive mindset, and the ability to partner effectively with development teams.
This is an opportunity to contribute to impactful security initiatives while helping build safer, more resilient products.
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for an Application Security - Vulnerability Discovery based in Portugal.
This role focuses on strengthening application security by identifying, analyzing, and reducing vulnerabilities across modern software environments.
You will collaborate with engineering and product teams to improve security practices throughout the software development lifecycle.
The position combines vulnerability management, secure coding expertise, automation, and security research to protect critical applications.
You will play a key role in validating security findings, guiding remediation efforts, and improving security processes at scale.
The ideal candidate will bring strong technical skills, a proactive mindset, and the ability to partner effectively with development teams.
This is an opportunity to contribute to impactful security initiatives while helping build safer, more resilient products.
Accountabilities:
- Triage, validate, prioritize, and manage security vulnerabilities discovered through manual reviews, automated security tools, bug bounty programs, and AI-assisted security platforms.
- Partner with software engineering and product teams to drive remediation efforts, provide actionable security guidance, and ensure timely resolution of findings based on risk and severity.
- Review security-related pull requests, source code changes, and development workflows to identify vulnerabilities and recommend secure implementation approaches.
- Analyze findings generated by AI-powered security tools and automation platforms, reduce false positives, and improve vulnerability detection workflows.
- Participate in security incident response activities, investigations, and root cause analysis related to application security issues.
- Support and enhance secure software development lifecycle (SDLC) practices across engineering organizations.
- Develop security tooling, automation, and workflows to improve vulnerability detection, security coverage, and operational efficiency.
- Configure, optimize, and maintain vulnerability scanning platforms, including policies, schedules, and reporting processes.
- Track remediation progress, security metrics, and risk reduction initiatives while providing visibility to stakeholders.
- Collaborate with security architecture and development teams to improve vulnerability discovery, prioritization, and remediation strategies.
- Create security documentation, best practices, and educational resources to promote secure coding practices across teams.
- Participate in an on-call rotation to support security triage, code reviews, and application security requests.
- 3+ years of experience in application security engineering or a related security role.
- Availability to work until 11:00 AM Pacific Standard Time (PST).
- Strong understanding of application security principles, vulnerability management, and secure software development practices.
- Experience building and scaling Secure Development Lifecycle (SDLC) programs.
- Hands-on experience handling vulnerability reports, bug bounty findings, and security assessments.
- Experience partnering with engineering and product teams to drive security improvements and remediation initiatives.
- Experience triaging and prioritizing vulnerabilities from SAST, DAST, SCA, dependency scanning, penetration testing, and similar security assessments.
- Strong knowledge of common application security risks, including OWASP Top 10, API security, authentication, authorization, secrets management, and cryptography.
- Experience reviewing source code and identifying vulnerabilities across modern programming languages and frameworks.
- Familiarity with security tools such as SAST, DAST, SCA, infrastructure-as-code scanning, secrets detection, and vulnerability management platforms.
- Experience working with cloud-native architectures and public cloud environments, preferably AWS.
- Ability to evaluate security findings, identify meaningful risks, and communicate clear remediation recommendations.
- Strong communication, collaboration, and relationship-building skills.
- Familiarity with AI-assisted development workflows, AI-powered security tools, or LLM-based security applications is a plus.
- Fully remote work opportunity.
- Opportunity to contribute to large-scale application security initiatives.
- Flexible work environment supporting collaboration with distributed teams.
- Ability to work on modern security challenges involving cloud, automation, and AI-powered security technologies.
- Opportunity to influence secure development practices across engineering organizations.
- Exposure to advanced vulnerability management processes and security tooling.
- Professional growth opportunities within a technology-focused environment.
- Opportunity to collaborate with experienced security, engineering, and product professionals.
- Competitive compensation package based on experience and expertise.
The Application Security Engineer will be responsible for identifying security risks, improving vulnerability management processes, and partnering with engineering teams to implement secure development practices.
Requirements:
The ideal candidate is an experienced application security professional with strong technical expertise, excellent collaboration skills, and a proven ability to improve security outcomes across software development environments.