Application Security Engineer (DevSecOps) in Bucuresti

Location: Remote 
Contract Duration: 6 months (with possibility of extension)
Contract details: B2B/PFA or SRL


Role Overview

We are looking for an Application Security Engineer to enable secure-by-default delivery of applications and AI-enabled services, while maintaining high engineering velocity.

The role focuses on embedding security into CI/CD pipelines, enabling automated and scalable security controls, and working closely with engineering teams to ensure security findings are actionable, prioritized, and do not slow down delivery.

Key Responsibilities

DevSecOps Enablement

  • Ensure DevSecOps pipelines are onboarded and operationalized with appropriate security tooling, including:

    • SCA (Software Composition Analysis)

    • SAST (Static Application Security Testing)

    • DAST (Dynamic Application Security Testing)

  • Provide consistent, automated application security coverage across builds and releases.

  • Support teams in integrating security controls into existing CI/CD workflows with minimal friction.

Application & AI Security

  • Reduce application and AI-specific security risks by embedding secure design and implementation patterns for:

    • agent orchestration

    • APIs and service integrations

    • model interactions and data flows

  • Advise engineering teams on secure architecture and implementation best practices for modern and AI-enabled applications.

Security Tooling & Adoption

  • Enable rapid adoption of application security tooling (e.g. Checkmarx, Aikido, or similar).

  • Ensure security findings are:

    • actionable

    • properly prioritized

    • trusted by engineering teams

  • Provide clear remediation guidance and support teams in resolving identified vulnerabilities.

Security Quality & Release Governance

  • Define and enforce security quality gates and risk thresholds within CI/CD pipelines.

  • Enable informed release decisions based on risk, without introducing manual approvals or delivery bottlenecks.

  • Continuously improve security controls based on threat trends, engineering feedback, and lessons learned.

Required Skills & Experience

Application Security & DevSecOps

  • Proven experience in Application Security Engineering or DevSecOps roles

  • Strong understanding of:

    • secure application design principles

    • OWASP Top 10

    • common web and API vulnerabilities

  • Hands-on experience implementing and operating SAST, DAST, and SCA tooling

CI/CD & Engineering Collaboration

  • Experience working with modern CI/CD pipelines (e.g. GitHub Actions, GitLab CI, Azure DevOps, Jenkins)

  • Ability to embed security controls into pipelines without slowing development teams

  • Strong collaboration skills with software engineers and platform teams

Tooling & Automation

  • Experience with application security tools such as:

    • Checkmarx

    • Aikido

    • or equivalent AppSec platforms

  • Ability to automate security checks and integrate findings into developer workflows

Nice-to-Have

  • Experience securing AI or ML-enabled applications

  • Familiarity with container and cloud-native environments

  • Knowledge of infrastructure-as-code security concepts

  • Experience defining risk-based release criteria in large engineering organizations

Contact

Contact details will be visible after you apply!
