Senior Application Security Engineer - Spain

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Application Security Engineer in Spain.

This role sits at the intersection of software engineering and cybersecurity, focusing on strengthening the security posture of modern web and API-based applications in a fast-moving, product-driven environment. You will work closely with engineering, product, and security teams to identify vulnerabilities, validate security findings, and drive remediation efforts directly into production systems. The position combines hands-on technical security work with collaborative development practices, including code review and secure design discussions. You will play a key role in improving the secure development lifecycle by integrating security tooling and automation into CI/CD pipelines. This is an opportunity to actively shape how security is embedded across engineering teams, while contributing directly to product resilience and user trust. The environment is highly collaborative, remote-first, and built for engineers who enjoy solving real-world security challenges at scale.

Accountabilities

• Own and manage bug bounty intake processes, including triaging reports, validating vulnerabilities, and reproducing proof of concepts.
• Collaborate with developers and product teams to design and implement effective remediation strategies for identified security issues.
• Contribute directly to codebases by reviewing and submitting pull requests to fix security vulnerabilities.
• Support validation of external penetration testing results and integrate findings into development backlogs.
• Participate in threat modeling, secure architecture discussions, and security-focused code reviews.
• Enhance Secure Development Lifecycle (SDL) practices, including SAST/DAST integration and security automation within CI/CD pipelines.
• Perform lightweight penetration testing on new features and releases when required.
• Maintain clear and structured documentation of application security processes and best practices.
• Facilitate communication between security, engineering, and product teams to ensure timely resolution of vulnerabilities.
  
  

Requirements

Interested in remote work opportunities in Cyber Security? Discover Cyber Security Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Previous experience as a software developer or application security engineer in modern web or backend environments.
• Hands-on experience in security testing through bug bounty programs, CTFs, or penetration testing activities.
• Strong understanding of common application security vulnerabilities (e.g., OWASP Top 10: SSRF, IDOR, XSS, etc.).
• Familiarity with security tools such as Burp Suite and SAST/DAST solutions (e.g., SonarQube, Snyk).
• Experience collaborating closely with engineering and product teams in Agile environments.
• Ability to analyze, reproduce, and resolve complex security issues with a “find and fix” mindset.
• Knowledge of secure coding practices for web and API-based applications.
• Exposure to CI/CD pipelines and DevOps tools is considered an advantage.
• Familiarity with infrastructure or security tools such as Terraform, Helm, or WAF solutions is a plus.
• Strong communication and problem-solving skills, with the ability to clearly explain technical security risks.
  
  

Benefits

• Fully remote-first working model with flexibility and international collaboration.

Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

• Opportunity to work in a diverse, multicultural environment with global teams.
• Strong focus on learning, growth, and professional development in cybersecurity.
• Access to learning budgets and remote work support benefits.
• Comprehensive health insurance coverage fully supported by the employer.
• Paid time off and additional remote-friendly perks to support work-life balance.
• Collaborative, feedback-driven culture that encourages innovation and ownership.
• Opportunity to contribute directly to product security at scale in a fast-growing tech environment.
  
  

How Jobgether Works

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Why Apply Through Jobgether?

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.