[Hiring] AppSec Engineer @Paramo Technologies

Role Description

You will be responsible for ensuring that security is integrated adequately across the software development lifecycle (SSDLC), identifying and managing vulnerabilities in code, dependencies, and applications, and supporting development teams in building secure software. You will work closely with developers, infrastructure teams, and the rest of the Information Security Team to detect, analyze, remediate, and prevent security issues in applications and supporting platforms.

Key Responsibilities:

• Manage and operate application security and code vulnerability tools (e.g., SAST, DAST, dependency scanning, container security).
• Identify, analyze, and validate vulnerabilities discovered in source code, applications, containers, and external attack surface.
• Support and oversee vulnerability discovery activities, including:
  • Automated scanning tools
  • Bug bounty findings
  • Manual testing results (where applicable)
• Coordinate and support vulnerability remediation with development teams.
• Manage and improve the Secure Software Development Lifecycle (SSDLC).
• Review and manage the handling of secrets and sensitive data using tools such as HashiCorp Vault.
• Perform security reviews of external libraries, dependencies, and supply chain components.
• Support security testing tools such as OWASP ZAP, Acunetix, Burp Suite, SonarQube, Outpost24 EASM, and container scanning solutions.
• Correlate findings from multiple security tools and prioritize remediation based on risk.
• Ensure vulnerabilities are properly tracked, documented, and managed through Jira tickets.
• Validate that remediation actions are correctly implemented before closing tickets.
• Contribute to defining security standards, guidelines, and best practices for developers.
• Document new procedures or update existing ones related to application and development security.
• Ensure documentation is accurate, comprehensive, and delivered on time.
• Collaborate with SOC, IAM, and SIEM engineers when vulnerabilities or incidents overlap domains.
• Create reports and metrics related to vulnerabilities, remediation status, and SSDLC effectiveness.
• Engage in ongoing training and professional development to stay current with emerging threats, vulnerabilities, and secure development practices.
• Share knowledge and expertise with development and security teams to foster a culture of secure-by-design development.
• Adhere to the organization's different policies.
• Keep your work organized and traceable through tickets (Jira).

Qualifications

• Five years of a university degree or a four-year college diploma, preferably in computer science, telecommunications, or other related academic fields, or equivalent work experience.
• At least 2 years of work experience in application security, DevSecOps, or similar roles.
• Hands-on experience identifying and managing code and application vulnerabilities.
• Experience working with vulnerability scanning tools for:
  • Source code
  • Web applications
  • Containers and dependencies
• Understanding of the Secure Software Development Lifecycle (SSDLC).
• Experience collaborating with development teams on vulnerability remediation.
• Familiarity with secrets management and secure configuration practices.
• Strong analytical and problem-solving skills.
• Ability to work independently and as part of the Information Security Team under minimal supervision.
• Eager to learn and continuously improve security practices.
• Good documentation and reporting skills.
• Technical skills:
  • Solid foundations in networking, application architectures, and cybersecurity.
  • Ability to understand application flows, APIs, and common vulnerability patterns.

Requirements

• Any cybersecurity certification (not essential but "nice to have").
• Familiarity with application security and DevSecOps frameworks.
• Knowledge of OWASP Top 10 and common application vulnerability classes.
• Familiarity with security standards and frameworks such as ISO 27001, NIST, or similar.
• Experience with bug bounty programs.
• Knowledge of common application security tools such as:
  • SonarQube
  • OWASP ZAP
  • Acunetix

Benefits

• 22 days of annual leave.
• 10 days of national holidays.
• Health Insurance options.
• Access to e-learning platforms.
• Possibility of on-site English classes in some countries, and more.