AppSec Engineer (Middle+/Senior)

#vacancy #AppSec #ApplicationSecurity #InfoSec #CyberSecurity #Job #ITJobs #PenetrationTesting #CodeReview #SecurityArchitect #DevSecOps #ВакансияРФ #РаботаВИТ #AppSecEngineer

🔎We are looking for an AppSec Engineer (Middle+ / Senior) in telecom / delivery | TopSelection company

Hello! We are NOT looking for a DevSecOps engineer (setting up CI/CD and SAST scanners is not your thing). We need a battle-hardened auditor who lives and breathes code and vulnerabilities.

Conditions: 📍 Citizenship and location — Russian Federation (work from one year onwards) 💸 Salary: 350,000 – 400,000 ₽ (gross, negotiable for top experts) 📃 Employment: agreement with an individual entrepreneur

Responsibilities: 🛡 Manual code audit (Code Review for vulnerabilities) 🔍 Internal application penetration tests + work with Burp 📊 Triage of SAST/DAST/SCA results (filtering False Positives) 🏗 Architectural reviews and Threat Modeling 🤝 Interaction with development teams (to ensure vulnerabilities are fixed)

Your profile: ✅ OWASP Top 10, Secure SDLC, Secure by Design ✅ Experience in manual vulnerability discovery (not just "pressed the scanner button") ✅ Deep understanding of code (to the level of pointing out logical errors to a developer) ✅ Burp Suite and dynamic analysis (DAST) — mandatory

Will be a plus: experience as a Security Champion, building AppSec processes from scratch, certifications. 🚫 Important: If your primary expertise is Jenkins configuration/tool integration without in-depth analysis of results, then unfortunately, we are not a good fit.

How to apply: ✍️ Write to Telegram AllaDemHR with the subject line AppSec Engineer