Senior Information Security Engineer - Application Security
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Information Security Engineer - Application Security based in Romania.
This is an exciting opportunity for a senior security professional to shape and strengthen application security practices within a highly technical, cloud-native environment. The role focuses on embedding security across the entire software development lifecycle, partnering closely with engineering teams to build secure, scalable, and resilient products. You will work on modern technologies, distributed architectures, and CI/CD ecosystems while driving security automation and risk-based decision-making. As part of a collaborative and experienced security team, you will have the opportunity to influence security strategy, improve developer experience, and directly contribute to customer trust and platform integrity. This position offers significant autonomy, global collaboration, and the chance to make a visible impact in a rapidly evolving technology landscape.
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Information Security Engineer - Application Security based in Romania.
This is an exciting opportunity for a senior security professional to shape and strengthen application security practices within a highly technical, cloud-native environment. The role focuses on embedding security across the entire software development lifecycle, partnering closely with engineering teams to build secure, scalable, and resilient products. You will work on modern technologies, distributed architectures, and CI/CD ecosystems while driving security automation and risk-based decision-making. As part of a collaborative and experienced security team, you will have the opportunity to influence security strategy, improve developer experience, and directly contribute to customer trust and platform integrity. This position offers significant autonomy, global collaboration, and the chance to make a visible impact in a rapidly evolving technology landscape.
Accountabilities
- Partner with engineering teams throughout the software development lifecycle to integrate security-by-design principles into products and services.
- Lead the implementation, optimization, and integration of application security tools, including SAST, DAST, SCA, and container security solutions within CI/CD pipelines.
- Drive vulnerability management initiatives by identifying, prioritizing, and coordinating remediation efforts across applications and software supply chains.
- Conduct secure architecture reviews, threat modeling exercises, and risk assessments for distributed, API-driven, and microservices-based systems.
- Support and coordinate application security incidents, collaborating with internal stakeholders to investigate, mitigate, and learn from security events.
- Contribute to security audits, customer assurance activities, compliance initiatives, and continuous improvement of security processes.
- Promote pragmatic and developer-friendly security practices while enabling teams to make informed, risk-based decisions.
- Help enhance the overall security posture of products and engineering processes through automation, guidance, and strategic security initiatives.
- Significant hands-on experience in software engineering and secure coding practices, particularly within Java-based environments.
- Strong background in securing SaaS platforms, cloud-native applications, and modern CI/CD ecosystems.
- Proven experience conducting secure design reviews, threat modeling, and risk assessments for distributed systems and microservices architectures.
- Deep expertise in application security tooling, including SAST, DAST, SCA, dependency management, and container/image scanning technologies.
- Strong knowledge of vulnerability management processes, including triage, prioritization, remediation coordination, and risk acceptance frameworks.
- Experience managing or supporting security incidents and escalations in complex environments.
- Excellent communication and stakeholder management skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
- Collaborative and developer-centric mindset, focused on enabling secure innovation rather than acting as a gatekeeper.
- Experience with additional technologies such as Python, JavaScript, or TypeScript is considered an advantage.
- Familiarity with Kubernetes, container security, and modern cloud environments is highly desirable.
- Previous experience within B2B software organizations, particularly in high-availability or multi-tenant environments, is a plus.
- Experience delivering security training, workshops, or awareness initiatives for engineering teams is beneficial.
- Competitive and transparent compensation package aligned with experience, skills, and location.
- Equity participation opportunities through a virtual stock option program, where applicable.
- Fully remote and flexible working model with support for home office setups and co-working spaces.
- Flexible time-off policies designed to promote work-life balance and wellbeing.
- Access to global and locally tailored healthcare and wellbeing programs, including mental health support.
- Lifestyle benefits program supporting personal wellbeing, family care, learning, and financial wellness initiatives.
- Retirement, pension, life insurance, and disability coverage where locally applicable.
- Annual learning and development budget for certifications, courses, books, and professional growth initiatives.
- Opportunities for in-person collaboration through annual company gatherings, team off-sites, and local community events.
- Inclusive, international, and highly collaborative culture with significant opportunities for career progression and impact.