Application/Product Security Engineer
Transition Technologies MS
We are a rapidly growing IT company with global reach. We deal with IT outsourcing and implementation projects in flexible cooperation models, providing access to competence and experts in technologies from mainstream to cloud. TTMS' greatest strength is its skilled professionals, so people are at the heart of our organisational culture.
Tech stack
English
B2SAST
DAST
OWASP
SonarQube
ISO 27001
OSCP
SCA
CISSP
Java
Python
Job description
Your responsibilities:
Security Assessments: Conduct regular security evaluations, including threat modeling, attack surface analysis, and critical risk assessments.
Security Architecture: Design and implement security controls and architecture for both new and existing applications.
Code Review: Analyze source code for security vulnerabilities and provide actionable feedback to developers.
Secure Development Advocacy: Promote secure coding practices through training sessions, workshops, and clear documentation.
Tool Integration: Select and implement security testing tools (e.g., SAST, DAST) to support automated security checks.
Incident Response: Support incident handling related to application security, including root cause analysis and remediation planning.
Cross-Functional Collaboration: Work closely with developers, DevOps, and IT security teams to embed security into the development lifecycle.
Monitoring & Reporting: Track security metrics and deliver regular reports on security posture and compliance status.
We are looking for you, if you have:
A degree in Computer Science or a related technical field.
Solid understanding of coding principles in different languages (e.g., Java, C#, Python, or JavaScript).
Strong grasp of application security principles and secure coding best practices.
Knowledge of network security, encryption, access control, and other core security areas.
Experience with security tools and processes such as SAST, DAST, SCA, and vulnerability scanners (e.g., SonarQube, OWASP ZAP, Nessus, Invicti).
Familiarity with industry standards and frameworks (e.g., OWASP Top Ten, NIST, ISO 27001).
Experience with cloud platforms (AWS, Azure, GCP) and their security features.
Hands-on experience with Docker and Kubernetes.
Fluency in English (spoken and written).
Nice to have: Relevant certifications such as CEH, CISSP, OSCP.
We offer:
Meaningful and challenging projects with real impact.
Flexible working hours and a remote-first approach.
Friendly and supportive work culture – no unnecessary corporate formality.
Stable and long-term cooperation (employment contract or B2B).
Clear development path and opportunities for internal growth.
Attractive benefits package.
We reserve the right to contact the selected candidates.
B2B
Check similar offers
