Infiterra

Application Security Engineer

Infiterra

full-time

Posted on:

Location Type: Remote

Location: Remote • 🇬🇷 Greece

Visit company website
AI Apply
Apply

Job Level

Mid-LevelSenior

Tech Stack

CloudMicroservicesSDLC

About the role

  • Embed security into the SDLC
  • Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance.
  • Partner closely with engineering teams to ensure secure development practices are applied consistently.
  • Review security controls for new features, services, and architectural changes.
  • Run threat modeling sessions (e.g. STRIDE) for new and existing systems.
  • Identify threats, attack paths, misconfigurations, and insecure design patterns.
  • Collaborate with engineers to ensure systems follow secure-by-design principles.
  • Perform security-focused code reviews to identify vulnerabilities and risky implementations.
  • Provide clear, actionable guidance on secure coding patterns and best practices.
  • Assess application and system architectures from a security perspective.
  • Perform manual and automated web application security testing (e.g. injection flaws, auth issues, access control gaps, insecure configs, logic flaws).
  • Operate, tune, and improve AppSec tooling (SAST, DAST, SCA, secrets scanning, dependency scanning).
  • Integrate and automate security checks within CI/CD pipelines.
  • Identify gaps in tooling and recommend or introduce improvements.
  • Measure the maturity and effectiveness of the AppSec program.
  • Track and report security metrics (e.g. vulnerability trends, coverage, remediation progress).
  • Drive continuous improvements based on findings, audits, and industry best practices.
  • Support engineering teams during application security incidents or vulnerability disclosures.
  • Contribute to triage, impact assessment, and root cause analysis.
  • Ensure lessons learned are fed back into design, tooling, and processes.
  • Enable engineers through training, documentation, and hands-on guidance.
  • Create and maintain secure coding guidelines, checklists, and internal resources.
  • Act as a trusted security partner, not a blocker.

Requirements

  • Strong understanding of secure software development principles.
  • Solid knowledge of common vulnerability classes (OWASP Top 10, CWE).
  • Experience working within modern SDLCs and agile development workflows.
  • Hands-on experience with application security tools (SAST, DAST, SCA, etc.).
  • Experience with web application security testing.
  • Ability to assess risk pragmatically and prioritize remediation.
  • Understanding of cloud-native architectures, APIs, and microservices.
  • Experience integrating security tooling into CI/CD pipelines.
  • Background working closely with product and engineering teams.
  • Exposure to security metrics, maturity models, or AppSec program building.
Benefits
  • A tech-passionate team with a friendly culture and an international breed.
  • Fully remote work.
  • Flexible working hours.
  • Work-from-anywhere scheme (travel and work).
  • Learning & development budget.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
secure software development principlesvulnerability assessmentweb application security testingthreat modelingsecure coding patternsapplication security toolsCI/CD integrationrisk assessmentcloud-native architecturesmicroservices
Soft skills
collaborationcommunicationguidancetrainingproblem-solvingcontinuous improvementtrust-buildingprioritizationdocumentationimpact assessment