Application Security Engineer

We think that security can be an exciting journey. With constantly evolving threat landscape and new technologies around, our success depends on our creativity in identifying new ways of securing what matters most to us.

If you like to :

work smart

be creative

deliver results

develop yourself

act as a team player

and really enjoy cybersecurity, you will fit perfectly our team. Working with us will allow you to cooperate in very good atmosphere with motivated, multinational team and gain experience with leading security solutions. You will be responsible for your part of our security playground and have perspectives to grow your team in the future.If it sounds good to you, join our boutique team of experts developing cybersecurity in diverse organization supporting a wide spectrum of public and private entities by delivering them specialized IT solutions.

Duties and responsibilities :

You will have a chance to grow together with us and actively participate in the process of building new security services and competencies.

You will work on both improving security of our EG environment, as well as products for our customers.

We are looking for new team members with aim to develop in security advisory and drive diverse application security projects who can support us with at least some of the following topics :

• driving application security program and related initiatives to increase application security maturity in the organization
• running application security projects
• acting as a trusted security advisor supporting IT teams and business units with application security related topics
• securing data and systems by defining and implementing application security policies, good practices and standards
• performing reviews and improving security processes in the organization
• defining application security improvements
• testing and implementing new application security tools & solutions (SAST, SCA, DAST, WAF and others)
• securing SDLC process
• improving DevSecOps culture in the organization
• performing threat modelling
• source code reviews
• developing application security good practices and requirements
• advising IT and developers on security topics
• conducting application security trainings for IT and developers

The key skills which can allow you to succeed in this role :

• knowledge of security best practises, identity and access management and vulnerability management, risk management, secure SDLC and incident response principles
• understanding of key concepts of security management
• understanding of secure architecture concepts and security good practises
• understanding of secure application architecture concepts and application security good practises
• understanding of secure SDLC process, DevSecOps approach and secure coding practices
• knowledge of application security tools (SAST, IAST, SCA, DAST, WAF)
• ability to perform basic application penetration tests
• experience with work in agile environment
• knowledge of key security technologies like firewalls, IPS / IDS, Antivirus / EDR, WAF, MFA, CSPM
• ability to perform security & IT assessments or reviews
• knowledge of NIST Cybersecurity Framework, CIS Controls, MITRE ATT&CK and OWASP recommendations and other appsec good practices

At the beginning, we do not expect that you have all of these skills. It is enough that you are motivated to gain them.

What technologies will be used?

• Different application security solutions (SAST, SCA, DAST, WAF)
• Burp Suite or similar for application security testing

Education and experience required :

• B.Sc. or M.Sc. in cybersecurity, IT, telecommunications, or similar
• Security certifications like : OSCP, OSWE, CEH, LPT, GWAPT, GPEN, GXPN, CISSP, CCSP, CISM, PenTest+ or others are a plus
• Understanding of basic security concepts in applications, network, operating systems (Windows, Linux, MacOS), databases, virtual environments, identity and access management, Active Directory and cloud
• Knowledge of application security solutions (SAST, SCA, DAST, WAF) and frameworks
• Knowledge of application basic penetration testing solutions (e.g. Burp, ZAP)
• Knowledge of standard security solutions (firewalls, IPS / IDS, Antivirus / EDR, PAM, MFA, vulnerability scanners) is a plus

The ideal candidate should have at least 3 years of experience in security area

We offer :

• Work in a successful and professional environment with lots of exciting projects
• Get committed colleagues who take responsibility, support and help each other
• Hybrid work combined with your colleagues in our multiple locations and relevant remote work equipment
• A work culture where we respect each other and honor diverse ways of thinking
• Flexible working environment to meet the demands of both your private and professional life

Come as You Are :

Are you a team player, competent and ready to grow? We would love to welcome you to our team. Know someone who would fit right in? Let them know.

We evaluate the applications on an ongoing basis and recruit when the right candidate is found, so please send your CV and application as soon as possible. All inquiries are handled confidentially.

At EG, we develop software for our customers so they can focus on their profession. Our industry-specific software is built by peers from the industry, and backed by the scale of EG for stability, innovation, and security. We are committed to advancing industries by tackling big challenges such as resource use, efficiency, and sustainability.

Join us in creating software that works for people, not software that makes people work.

Read more Visit our , where you can watch two inspiring videos : one where four of our dedicated colleagues into their work at EG, and another about

LI-Hybrid