Our client is a general leader in enterprise orchestration, helping over 400,000 businesses worldwide streamline their operations with its AI-powered platform. They are looking for a highly accomplished Security Engineer - AppSec. This is a full-time, permanent, remote position ideally based in Spain, Portugal, or Bulgaria. Requirements ● Bachelor's degree in Computer Science, Cybersecurity, or a related technical field. ● 4+ years in cybersecurity or software engineering, with at least 2 years focused on application or product security. ● Strong understanding of software development processes and ability to speak the language of engineers. ● Proficiency in one or more programming and scripting languages (e.G., Ruby, Java, Python, JavaScript, Bash). ● Hands-on experience with vulnerability scanners and security testing tools. ● Strong knowledge of threat modeling and security architecture reviews. ● AI/ML security experience, including risk assessment and prevention guidelines. Advantages ● Master's degree in a relevant field ● Prior experience as an application or product security engineer in a SaaS or cloud-native environment ● Advanced certifications (CISSP, OSCP, GPEN, GCIH, GIAC) ● Experience with DevSecOps and security automation ● Network security and encryption standards expertise ● Incident management and response experience ● AWS Security Specialty certification or equivalent cloud security certification ● Expertise in AWS security services (EKS, IAM, KMS, GuardDuty, CloudTrail) Key responsibilities include: ● Secure SDLC Integration: Embed with engineering teams to ensure security is part of every phase of the development lifecycle, from design to deployment. ● Threat Modeling & Design Reviews: Conduct early-stage threat modeling and participate in architectural and design reviews to identify and mitigate risks proactively. ● Security Enablement: Act as a security champion within product teams by providing training, building security knowledge, and driving adoption of secure coding practices. ● Code & Pipeline Reviews: Perform code reviews with a security lens and provide guidance on CI/CD pipeline security. ● Vulnerability Discovery & Triage: Identify and prioritize vulnerabilities using static/dynamic analysis and manual review, and work with developers on remediation strategies. ● Security Tooling & Automation: Collaborate with the broader ProdSec and DevOps teams to improve tooling and automate security feedback loops. ● Cross-Functional Collaboration: Partner with Product, SecOps, and Platform teams to align security with product goals and agile workflows. ● Security Advocacy: Help scale security awareness through documentation, workshops, and informal coaching embedded in daily engineering practice. ● Security Automation: Design and implement automated security tools and processes to improve detection, response, and compliance efficiency. This role offers the opportunity to secure mission-critical systems deployed globally while working with cutting-edge AI and cloud technologies.