Application Security Engineer

Job Description & Summary

Were looking for Application Security Engineers to help secure our clients software products and development pipelines. The ideal candidates have a solid foundation in secure coding practices understand common vulnerabilities and can work closely with development and DevOps teams to integrate security throughout the SDLC.
Youll serve as hands-on contributors helping developers build secure code reviewing design and implementation and automating security testing to enable continuous delivery of secure software.

Key Responsibilities
Conductsecure code reviewsthreat modeling andapplication security assessmentsfor web mobile and API-based applications.
Integrate and maintainsecurity tools(e.g. SAST DAST SCA container scanning) within CI/CD pipelines.
Collaborate with developers totriage remediate and verify vulnerabilitiesidentified through automated tools or penetration tests.
Providesecurity guidance during design and code reviews promoting secure design patterns and coding best practices.
Develop and maintainsecure coding standards playbooks and automation scriptsto streamline security testing.
Partner with the GRC and Risk teams to ensurecompliance with corporate and regulatory security requirements(e.g. ISO 27001 SOC 2 OWASP GDPR).
Support developer enablement throughsecurity training and awareness sessions.
Stay current onemerging security threats frameworks and technologies relevant to the software development lifecycle.

Required Qualifications
25 yearsof experience in Application Security Secure Development or related areas.
Strong understanding ofOWASP Top 10CWE andSANS Top 25vulnerabilities.
Experience withSAST/DAST/SCAtools such as Polaris (Synopsys) Checkmarx Veracode Fortify SonarQube or similar.
Familiarity withCI/CD pipelines(e.g. GitHub Actions GitLab CI Jenkins Azure DevOps).
Working knowledge of one or more programming languages such asJava JavaScript/TypeScript Python C# or Go.
Understanding ofcloud platforms(AWS GCP or Azure) and their security models.
Ability to communicate clearly with both technical and non-technical stakeholders.

Preferred Qualifications
Bachelors degree in computer science Information Security Business Information Systems or equivalent practical experience.
Experience withcontainer and Kubernetes security.
Hands-on experience withthreat modellingandAPI security testing.
Familiarity withInfrastructure as Code (IaC)security (e.g. Terraform CloudFormation).
Relevant certifications such asOSWE GWAPT CSSLP CEH or similar.

Soft Skills
Strong analytical and problem-solving skills.
Collaborative mindset and ability to influence developers and DevOps engineers.
Continuous learner who stays up to date with evolving application security trends.

What we offer:

Company training and excellent opportunities for professional and career growth
Challenging and interesting projects
Professional positive and team-oriented working environment

Competitive salary and comprehensive employee benefit program

Central office location and remote working possibilities

Your skills and experience. Our technology and opportunities. A powerful combination. Be part of the New Equation.

Only short-listed candidates will be contacted.

PricewaterhouseCoopers Bulgaria EOODor PwC Legal Bulgaria Partnership or PricewaterhouseCoopers Audit OOD which runs a recruitment process with its seat and registered address in 9-11 Maria Louisa Blvd. Sofia 1301 Bulgaria (PwC or we) will be the controller of your personal data submitted in your application for a job. Your personal data will be processed for the purpose of performing a recruitment process for the job offered. If you give us explicit consent your personal data will be also processed for participation in further recruitment processes conducted by PwC and sending notifications about job offers in PwC or job related events organized or with the participation of PwC such as career fair. Full information about processing your personal data is available in ourPrivacy statement.

#LI-AK1