Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turke

Constructor TECH·Remote(Bulgaria, Germany, Italy, Serbia, Turkey)
Cybersecurity
Excel

WFA Digital Insight

As demand for digital education platforms surges, the need for robust application security is paramount. With a 25% increase in cybersecurity breaches in 2025, companies like Constructor TECH are investing heavily in secure development practices. This role stands out for its emphasis on Software Bill of Materials management and secure SDLC. To succeed, candidates should possess a strong background in web application security, experience with tools like OWASP ZAP, and a solid understanding of secure coding practices. Moreover, the ability to collaborate with development teams and stay current with evolving threats will be essential. According to recent statistics, the application security market is projected to grow by 15% annually, making this an exciting time to join the field.

Job Description

About the Role

Constructor TECH is on a mission to revolutionize digital education, and as an Application Security Engineer, you will play a critical role in ensuring the security and integrity of their platforms. This remote position offers the opportunity to work with a talented team of professionals who share a passion for innovation and security. The successful candidate will be responsible for performing threat modeling, security architecture review, and design analysis for web applications and APIs.

As a key member of the security team, you will collaborate with development teams to identify and remediate vulnerabilities, ensuring the highest level of security for Constructor TECH's platforms. Your expertise will be instrumental in designing and implementing security pipelines, including SAST and DAST, and integrating them into the SDLC process.

What You Will Do

  • Perform threat modeling, security architecture review, and design analysis for web applications and APIs
  • Conduct manual and automated security testing during development and pre-release stages
  • Design and implement security pipelines, including SAST and DAST, and integrate them into the SDLC process
  • Implement and manage SBOM generation and consumption processes across the SDLC
  • Collaborate with development teams to ensure timely remediation of identified vulnerabilities
  • Maintain security guidance aligned with OWASP best practices and provide training for development teams
  • Stay current with evolving application security threats, tools, and industry developments
  • Participate in the development of secure coding practices and standards
  • Collaborate with the development team to ensure the implementation of secure coding practices

What We Are Looking For

  • 3-5 years of experience in application security, with a focus on web applications and API security
  • Good knowledge of at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go)
  • Experience with tools like OWASP ZAP, Burp Suite, Snyk, or similar
  • Familiarity with secure coding, DevSecOps, and container security concepts
  • Strong understanding of CVE, CVSS, and vulnerability disclosure workflows
  • Excellent command of business English
  • Experience with Agile development methodologies
  • Strong problem-solving skills and attention to detail

Nice to Have

  • Knowledge of SBOM standards (CycloneDX, SPDX) and experience integrating SBOM tooling into CI/CD pipelines
  • Knowledge of software composition analysis (SCA) tools
  • Experience with cloud-based security solutions
  • Certification in application security or a related field

Benefits and Perks

  • Choice of work equipment (e.g., laptop, monitor, etc.)
  • English classes (iTalki –
    30 monthly)
  • Flexible schedule (typically between 09:00/10:00 and 18:00/19:00 CET or EET)
  • Newborn bonus (€500 per child)
  • Patent remuneration
  • Paid leave
  • Remote work in locations without our offices
  • Hybrid work in locations with offices (2 days in-office, 3 days remote)
  • Opportunities for professional growth and development
  • Access to cutting-edge security tools and technologies
  • Collaborative and dynamic work environment

How to Stand Out

  • To stand out, highlight your experience with application security testing tools and your understanding of secure coding practices.
  • When applying, ensure your resume is tailored to the role and includes specific examples of your accomplishments in application security.
  • Be prepared to discuss your experience with threat modeling and vulnerability testing during the interview process.
  • Having a solid understanding of cloud-based security solutions can be a significant advantage.
  • Be ready to provide examples of how you have collaborated with development teams to implement secure coding practices.
  • Stay up-to-date with the latest developments in application security, and be prepared to discuss emerging trends and technologies.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.