App Sec Engineer - Threat Modeling & Secure SDLC

Security | Application Security Engineer SOFTSWISS is growing, and we are seeking a skilled Application Security Engineer to join our team. If you are driven by excellence and share our values, we would love to hear from you. Purpose of the role: Our goal is to make sure that we deploy secure software to production without unnecessary bottlenecks, that applications are properly hardened, and security vulnerabilities, once discovered, are fixed by the developers. As an Application Security Engineer, you will play a crucial role in ensuring the security of our applications throughout the entire software development lifecycle (SDLC). You will partner closely with the product teams to identify, analyze, and mitigate security vulnerabilities, contributing to the creation of trustworthy and robust products. Key responsibilities: Partner with product teams during the design phase to facilitate threat modeling and risk assessment sessions. Perform in-depth manual code reviews on critical applications to identify logical vulnerabilities as part of white-box security assessments. Tune and adjust rulesets for automated security scanning tools to reduce false positives and improve detection rates. Develop scripts and automation tools to streamline workflows and free up time for more complex analysis. Assist developers in understanding security risks and threats discovered during risk assessments, threat modeling, and dynamic testing. Triage vulnerabilities from the bug bounty program, collaborating with external researchers and internal engineering teams to resolve discovered flaws. Collaborate with Dev/QA teams throughout the development lifecycle to enhance the application’s security posture by providing dedicated security consulting, continuous knowledge sharing, and actionable guidance. Develop and maintain the internal security knowledge base, including comprehensive secure coding guidelines and technical manuals for standard security features. Required Experience: 1.5+ years of experience in application security, software development, or related technical roles. Knowledge of web application security mechanisms and controls (e.g., SOP, CORS, CSP). Comprehensive understanding of common web vulnerabilities (e.g., OWASP Top 10) and their practical mitigation strategies. Knowledge of secure system and application architecture alongside secure‑by‑design principles. Practical, hands‑on expertise in identifying vulnerabilities through manual security assessments and secure code reviews. Ability to clearly articulate and explain the business impact of identified threats and vulnerabilities to developers and product teams. A strong security‑first mindset with a continuous drive to learn and achieve excellence in the cybersecurity field. University degree in Computer Science, Information Security, or a related field (or an equivalent combination of education and practical experience). Intermediate or higher proficiency in English (B2 level or above) for effective technical communication. Nice to have: Passion about programming. Technical knowledge of network and operating systems security. Practice of participation in bug bounty programs and/or CTFs. Knowledge of SAST/DAST tools, including customization. Main Advantages Private health insurance Sports benefits Free English lessons (online) Local language courses Paid time off Maternity leave support Referral program rewards Upskilling, internal workshops, and participation in professional conferences and corporate events #J-18808-Ljbffr