Back to jobs

Application Security Engineer

Infiterra
Remote Remote - Unknown
$120k - $150k (est.) -19% vs avg
Posted Mar 15, 2026
Apply on himalayas

Leaving for himalayas in 10s

About This Role

Key Technical Requirements and Skills: - Strong experience with application security testing (manual and automated) for identifying vulnerabilities such as injection flaws, authentication/authorization issues, and insecure configurations - Proficiency in operating, tuning, and improving AppSec tooling like SAST, DAST, SCA, secrets scanning, and dependency scanning - Ability to integrate and automate security checks within CI/CD pipelines - Experience with threat modeling (e.g., STRIDE) and secure-by-design principles - Expertise in secure coding patterns and best practices for various programming languages and frameworks Team/Project Information: - This is a practical AppSec role, closely integrated with the product and engineering teams - The goal is to embed security into the software development lifecycle (SDLC) from the beginning, not as an afterthought Unique/Notable Aspects: - Focus on shifting security left an

About Infiterra

Join our mission to grow and transform the subscription economy by simplifying subscription service delivery.

Infiterra enables IT distributors, Managed Service Providers (MSPs), and telcos to succeed in the subscription economy. Our subscription commerce platform automates and unifies subscription workflows - from quote to bill- driving operational efficiency, billing accuracy, and scalable growth.

Recognized as a global leader in subscription commerce, Infiterra combines innovation, performance excellence, and trusted expertise to help partners transform and grow.

About the role

We’re looking for an Application Security Engineer to embed security into how we design, build, and operate software; not as an afterthought, but as part of everyday engineering. You’ll work hands-on with product and engineering teams to identify risks early, improve secure-by-design practices, and continuously raise the bar of our application security posture. This is a practical AppSec role: close to the code, close to the architecture, and deeply integrated into the SDLC.

What you’ll do

Embed security into the SDLC

  • Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance.

  • Partner closely with engineering teams to ensure secure development practices are applied consistently.

  • Review security controls for new features, services, and architectural changes.

Threat modeling & secure design

  • Run threat modeling sessions (e.g. STRIDE) for new and existing systems.

  • Identify threats, attack paths, misconfigurations, and insecure design patterns.

  • Collaborate with engineers to ensure systems follow secure-by-design principles.

Secure code & architecture reviews

  • Perform security-focused code reviews to identify vulnerabilities and risky implementations.

  • Provide clear, actionable guidance on secure coding patterns and best practices.

  • Assess application and system architectures from a security perspective.

Security testing & tooling

  • Perform manual and automated web application security testing (e.g. injection flaws, auth issues, access control gaps, insecure configs, logic flaws).

  • Operate, tune, and improve AppSec tooling (SAST, DAST, SCA, secrets scanning, dependency scanning).

  • Integrate and automate security checks within CI/CD pipelines.

  • Identify gaps in tooling and recommend or introduce improvements.

Incident response support

  • Support engineering teams during application security incidents or vulnerability disclosures.

  • Contribute to triage, impact assessment, and root cause analysis.

  • Ensure lessons learned are fed back into design, tooling, and processes.

Security awareness & enablement

  • Enable engineers through training, documentation, and hands-on guidance.

  • Create and maintain secure coding guidelines, checklists, and internal resources.

  • Act as a trusted security partner, not a blocker.

Core requirements

  • Strong understanding of secure software development principles.

  • Solid knowledge of common vulnerability classes (OWASP Top 10, CWE).

  • Experience working within modern SDLCs and agile development workflows.

  • Hands-on experience with application security tools (SAST, DAST, SCA, etc.).

  • Experience with web application security testing.

  • Ability to assess risk pragmatically and prioritize remediation.

  • Understanding of cloud-native architectures, APIs, and microservices.

Nice to have

  • Experience integrating security tooling into CI/CD pipelines.

  • Background working closely with product and engineering teams.

  • Exposure to security metrics, maturity models, or AppSec program building.

Benefits

  • Fully remote work.

  • Work-from-anywhere scheme (travel and work).

  • Flexible working hours.

  • Health and life insurance program.

  • Learning & development budget.

  • Tech-driven, friendly team with a international mindset.

If you feel you’re a great fit, please apply!
We’d love to hear from you!

All applications will be treated with confidentiality.
Please note that due to the high volume of CVs received, only candidates who are a good fit will be contacted for an interview.

As part of our commitment to diversity in the workforce, Infiterra is dedicated to Equal Employment Opportunity, ensuring that all individuals are treated with respect and consideration without regard to race, color, national origin, ethnicity, gender, disability, sexual orientation, gender identity, or religion.

Originally posted on Himalayas

Similar Jobs at Infiterra

Manual QA Engineer (Web & API)
Remote - Unknown
Source: https://himalayas.app/companies/infiterra/jobs/application-s...