AppSec Analyst

We are seeking a talented Application Security Analyst to join our security team and play a crucial role in ensuring the security of our applications. In this role, you will conduct comprehensive security assessments, perform hands-on penetration testing and work closely with development teams to identify and remediate security vulnerabilities throughout the software development lifecycle.

- Strong practical experience in web application penetration testing and security assessments (OWASP Top 10, API security, authentication/authorization flaws);

- Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Nuclei, or similar;

- Solid understanding of common vulnerabilities in modern web applications and APIs (REST, GraphQL, WebSockets);

- Experience in analyzing SAST, DAST, and SCA scan results and triaging findings;

- Ability to write clear, actionable security reports with remediation guidance for development teams;

- Understanding of secure coding practices and common security design patterns;

- Experience identifying business logic vulnerabilities and complex authorization flaws beyond automated testing;

- Ability to analyze application architecture and attack surfaces to guide manual testing;

- Practical understanding of modern authentication and authorization mechanisms (OAuth2, OIDC, JWT);

- Familiarity with integrating security testing into CI/CD and secure SDLC workflows;

- Knowledge of at least one programming/scripting language (Python, JavaScript, Bash) for automation and proof-of-concept development;

- Proficiency in English at an intermediate level or higher.

WOULD BE AN ADVANTAGE

- Professional security certifications such as OSCP, OSWE, CEH, eWPT, or GWAPT;

- Experience with container and Kubernetes security testing

- Familiarity with cloud security (AWS, GCP) and cloud-native application testing;

- Experience in the gambling/gaming or fintech industry with understanding of regulatory requirements;

- Experience with security regression testing and test automation;

- Awareness of application logging, monitoring, and security detection considerations when validating findings;

- Contributions to bug bounty programs or responsible disclosure programs.

MANDATORY REQUIREMENTS

- Minimum of 2-3 years of experience in application security testing, penetration testing, or similar role with proven track record

Security Testing & Assessment

• Conduct manual testing of web applications, APIs, and microservices to identify security vulnerabilities
• Perform regular security assessments of new features and changes before production deployment
• Execute security regression testing to ensure previously identified vulnerabilities remain fixed
• Test authentication and authorization mechanisms, session management, and access controls
• Analyze and validate security findings from automated scanning tools (SAST, DAST, SCA) to eliminate false positives and prioritize real threats

    Vulnerability Management

• Triage, validate, and prioritize security vulnerabilities discovered through testing and automated scans
• Create detailed vulnerability reports with step-by-step reproduction steps, impact assessment, and actionable remediation guidance
• Track remediation progress and verify fixes through re-testing
• Maintain vulnerability database and metrics (MTTR, vulnerability trends, remediation effectiveness)
• Support development teams in understanding and fixing security issues

Security Requirements & Validation

• Collaborate with product teams to define security requirements for new features
• Review and provide security input on technical designs and architecture decisions
• Participate in threat modelling sessions for critical features and system components
• Develop and maintain security test cases and security acceptance criteria
• Validate that security controls are properly implemented according to requirements

Tool Management & Optimization

• Configure, tune, and optimize security scanning tools integrated into CI/CD pipelines
• Develop custom security checks and testing scripts to automate repetitive testing tasks
• Create and maintain testing playbooks and security checklists for common scenarios
• Integrate new security testing tools and techniques into the security testing program
• Maintain testing environments and infrastructure

Collaboration & Knowledge Sharing

• Work closely with development teams to provide guidance on secure coding practices and vulnerability remediation
• Contribute to security documentation, including secure coding guidelines and testing procedures
• Share knowledge about emerging threats, attack techniques, and security trends with the team
• Collaborate with DevSecOps and Infrastructure teams on security improvements

• Comprehensive Health Insurance Prioritizing your well-being with thorough health coverage
• 100% Paid Sick Leave Rest easy knowing youre supported during unexpected health challenges
• Continuous Learning & Growth Access extra education opportunities to keep your career advancing
• Generous Paid Time Off Recharge with 20 paid vacation days, plus additional 6 days off to support you during any important family event or celebration
• Diverse & Dynamic Team Join a vibrant, international team passionate about excellence in product development
• Language Development Tailored language courses to help you excel in a multilingual work environment
• Exciting Corporate Events & Team-Building Embrace your adventurous side with fun team activities
• Top-Quality Equipment Boost productivity with the latest hardware for your role
• Welfare Program Feel secure with financial support available in critical situations
• Celebrating Milestones We honor lifes big moments, from marriage to parenthood, with thoughtful gifts

This position allows for remote or on-site work from one of our offices in Riga, Budva or Barcelona.

#priority medium

#level middle

#relocation yes