Application Security Engineer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Application Security Engineer in Switzerland.

This role sits at the intersection of software engineering and cybersecurity, focusing on strengthening the security posture of modern web and API-based applications in a fast-moving, product-driven environment. You will work closely with engineering, product, and security teams to identify vulnerabilities, validate security findings, and drive remediation efforts directly into production systems. The position combines hands-on technical security work with collaborative development practices, including code review and secure design discussions. You will play a key role in improving the secure development lifecycle by integrating security tooling and automation into CI/CD pipelines. This is an opportunity to actively shape how security is embedded across engineering teams, while contributing directly to product resilience and user trust. The environment is highly collaborative, remote-first, and built for engineers who enjoy solving real-world security challenges at scale.

• Own and manage bug bounty intake processes, including triaging reports, validating vulnerabilities, and reproducing proof of concepts.
• Collaborate with developers and product teams to design and implement effective remediation strategies for identified security issues.
• Contribute directly to codebases by reviewing and submitting pull requests to fix security vulnerabilities.
• Support validation of external penetration testing results and integrate findings into development backlogs.
• Participate in threat modeling, secure architecture discussions, and security-focused code reviews.
• Enhance Secure Development Lifecycle (SDL) practices, including SAST/DAST integration and security automation within CI/CD pipelines.
• Perform lightweight penetration testing on new features and releases when required.
• Maintain clear and structured documentation of application security processes and best practices.
• Facilitate communication between security, engineering, and product teams to ensure timely resolution of vulnerabilities.

Requirements:

• Previous experience as a software developer or application security engineer in modern web or backend environments.
• Hands-on experience in security testing through bug bounty programs, CTFs, or penetration testing activities.
• Strong understanding of common application security vulnerabilities (e.g., OWASP Top 10: SSRF, IDOR, XSS, etc.).
• Familiarity with security tools such as Burp Suite and SAST/DAST solutions (e.g., SonarQube, Snyk).
• Experience collaborating closely with engineering and product teams in Agile environments.
• Ability to analyze, reproduce, and resolve complex security issues with a “find and fix” mindset.
• Knowledge of secure coding practices for web and API-based applications.
• Exposure to CI/CD pipelines and DevOps tools is considered an advantage.
• Familiarity with infrastructure or security tools such as Terraform, Helm, or WAF solutions is a plus.
• Strong communication and problem-solving skills, with the ability to clearly explain technical security risks.

Benefits:

• Fully remote-first working model with flexibility and international collaboration.
• Opportunity to work in a diverse, multicultural environment with global teams.
• Strong focus on learning, growth, and professional development in cybersecurity.
• Access to learning budgets and remote work support benefits.
• Comprehensive health insurance coverage fully supported by the employer.
• Paid time off and additional remote-friendly perks to support work-life balance.
• Collaborative, feedback-driven culture that encourages innovation and ownership.
• Opportunity to contribute directly to product security at scale in a fast-growing tech environment.