Are you an experienced AppSec Engineer with a hacker’s mindset and a developer’s heart? We’re hiring a fully remote Application Security Engineer at Evolveum to secure the world's leading open-source Identity Governance and Administration (IGA) platform!
Details:
- Position: Application Security Engineer
- Allocation: Full-time, Part-time (80%+)
- Location: Fully Remote (EMEA time zones, CZ/SK preferred)
- Salary range: from 3000 EUR/month (final salary depends on the candidate's experience)
What you will do:
- Integrate security testing tools (SAST/DAST, SCA, IaC) directly into our CI/CD pipelines and maintain them;
- Conduct vulnerability scanning, perform internal penetration tests on applications/APIs, and prioritize risks;
- Analyze incoming security reports and vulnerability disclosures from our customers and the open-source community;
- Perform security-focused code reviews and work side-by-side with our Java/Python developers to implement secure fixes;
- Partner with our Security Architect and CPO on threat modeling and risk assessments;
- Elevate our team's security posture by delivering developer training based on bug bounty findings, red team exercises, and real-world exploits;
- Support incident response by analyzing threats, proposing solutions, and preparing public vulnerability disclosures.
Skills and qualifications:
Must-haves:
- Proven experience in application security, penetration testing, or red teaming;
- Strong understanding of OWASP Top 10, common vulnerabilities (SQLi, XSS, CSRF, RCE) and relevant NIST frameworks;
- Solid software development background (especially Java);
- Good communication skills – ability to explain security issues to both technical and non-technical colleagues.
Nice-to-haves (Bonus points):
- Experience managing Bug Bounty programs (e.g., HackerOne) or vulnerability disclosures;
- A background in product development or the Identity/Access Management (IAM/IGA) space.
Why Evolveum?
We are a globally recognized, EU-based organization with a dedicated, passionate team. Even though we are an open-source vendor, our paid services and global partner network provide us with incredibly stable revenue. This means you get the best of both worlds: the freedom, community, and transparency of open-source, combined with the financial stability and resources of a top-tier tech firm.
Ready to secure the future of open-source identity?
Click the Easy Apply button!