Hiring.Camp

Application Security Engineer

Interact Software

·

6 days ago

Location
Manila, PH
Type
Full-time
Department
Engineering

Description

Application Security Engineer

Department: Engineering

Employment Type: Full Time

Location: Manila, PH

Reporting To: Andy Buckley



Description

As an Application Security Engineer you'll make our software secure by building, not by watching dashboards. You'll spend most of your time in the codebase — reading and writing code, manually reviewing changes, hunting for and exploiting vulnerabilities, and shipping the libraries, patterns, and guardrails that make the next class of bug hard to introduce. You'll work shoulder-to-shoulder with engineers, treating security as an engineering problem to be solved at the source rather than a report to be filed. 


A little about you...

  • Read and write real code. Review pull requests for security-relevant changes and contribute fixes directly rather than filing tickets and walking away. 
  • Manually assess applications and APIs — find, exploit, and prove real vulnerabilities, and distinguish genuine risks. 
  • Build secure building blocks: reviewing libraries, safe wrappers, auth patterns, and paved-road templates so the easy way is the secure way. 
  • Perform threat modelling and design reviews on new features, working from how the system actually behaves, not a checklist. 
  • Automate security into CI/CD (Octopus deploy/Azure DevOps) 
  • Fix vulnerabilities; When you find a bug, ask what pattern allowed it and eliminate the pattern. 
  • Support incident investigation and remediation for application security issues and get hands-on with logs, code, and root cause. 
  • Level up engineers through code, examples, and quarterly training 
  • Help shape standards and priorities for the wider engineering teams (this is a small team; you'll have real influence, but the day job is engineering). 
  • Stay updated with the latest security threats, vulnerabilities, and industry trends to proactively address potential risks 
  • Advocate for security best practices and influence engineering culture to prioritize security 
  • Evaluate and adopt new security tools and technologies to enhance the security posture 
  • Participate incident response efforts for application security incidents, including investigation and remediation 
  • Collaborate with compliance teams to ensure applications meet regulatory and industry-specific security requirements (e.g., GDPR, ISO 27001) 
  • Implement and oversee security tools and technologies such as SAST, and DAST solutions 
  • Facilitate security architecture reviews and threat modelling sessions for new and existing applications 
  • Report on security metrics and KPIs to senior management, providing insights into the security posture and areas for improvement 
  • Drive continuous improvement, fostering a culture of security awareness and proactive risk management 
  • Coordinate with third-party vendors and security consultants as needed for specialised assessments or audits 



About the role...

  • Strong software engineering background — you've written and shipped production code, ideally in .NET and/or TypeScript/React, and you can drop into an unfamiliar codebase and reason about it. 
  • Solid application security experience securing web apps and APIs. 
  • Demonstrated ability to find vulnerabilities manually and explain both the exploit and the fix. 
  • Comfortable integrating and, crucially, tuning security testing in CI/CD so the output is trustworthy. 
  • You've influenced engineers as a peer, through code and pragmatism. 
 
Certifications (Preferred): 
  • Offensive/practical certs like OSCP, or an equivalent  
  • Cloud security depth in AWS and/or Azure; container/orchestration security. 
  • Familiarity with GDPR, ISO 27001, SOC 2 as constraints to engineer around. 

  • Expert knowledge of application security principles, practices, and frameworks such as OWASP Top Ten, SANS/CWE Top 25 
  • Proficiency with security testing tools like Burp Suite, OWASP ZAP, Fortify, Checkmarx, SonarQube or similar 
  • Strong understanding of secure coding practices in languages and frameworks such as JavaScript, TypeScript, ReactJS, .NET, and others 
  • Familiarity with DevSecOps practices and integrating security tools into CI/CD pipelines  
  • Knowledge of authentication and authorization protocols such as OAuth, SAML, JWT, and multi-factor authentication 
  • Understanding of cloud security principles and experience with cloud platforms like AWS and/or Azure 
  • Experience with compliance standards and regulations like GDPR, ISO 27001, PCI DSS, and SOC 2 
  • Knowledge of encryption standards, key management, and data protection strategies 
  • Experience with incident response processes and security event management 

  • Excellent communication skills, adept at conveying security concepts to both technical and non-technical stakeholders 
  • High attention to detail with a commitment to maintaining the highest standards of security and quality 
  • Proactive and strategic thinker, able to anticipate security challenges and stay ahead of emerging threats 
  • Collaborative mindset, thriving in a cross-functional team environment and building strong relationships across departments 
  • Passionate about security, with a continuous desire to learn and stay updated on the latest industry trends and threats 
  • Resilient and adaptable, capable of handling high-pressure situations and making sound decisions during security incidents 
  • Ethical and trustworthy, maintaining the highest level of integrity in handling sensitive information 

Skills

JavaScriptTypeScriptReactAWSAzureCI/CDSOCOAuthDevOpsRisk ManagementComplianceSOC 2GDPRISO 27001

Similar Jobs

30

Application Security Engineer

USA - Current Open Positions · USA-TN NVL 1234 Martin St, United States of America

4 days ago

Application Security Engineer

INTAPP · Portugal Remote · Remote

4 days ago

Application Security Engineer

Heartflowinc · San Francisco, California · Hybrid

4 days ago

Application Security Engineer

Zocdoc · USA Remote +1 · Remote

5 days ago

Application Security Engineer

Leidos · 5612 Ashburn VA, United States of America

6 days ago

Engineer, Application Security

Cboe is always looking for · Chicago HQ OPO, United States of America · Hybrid

6 days ago

Application Security Engineer

MicroStrategy · Tysons Corner, VIRGINIA, United States · Onsite

1 week ago

Application Security Engineer

Leidos · 5612 Ashburn VA, United States of America

1 week ago

Application Security Engineer

Figure · Remote · Remote

1 week ago

Application Security Engineer

MicroStrategy · Tysons Corner, VIRGINIA, United States · Onsite

1 week ago

Application Security Engineer

Juara It Solutions · Chennai

2 weeks ago

Application Security Engineer

Alaan · Bengaluru, India

2 weeks ago

Application Security Engineer

Cdk · India - Hyderabad

2 weeks ago

Application Security Engineer

PandaDoc · Remote (Europe) · Remote

2 weeks ago

Application Security Engineer

Booz Allen Hamilton · USA, MD, Fort Meade (6910 Cooper Ave), United States of America

2 weeks ago

Application Security Engineer

Regions · Hoover, AL - Riverchase Operations Center (Birmingham, AL), United States of America +3

2 weeks ago

Application Security Engineer

Intermedia Intelligent Communications · Portugal · Remote

2 weeks ago

Application Security Engineer

Cisco · USA-RESEARCH TRIANGLE PARK, United States of America +1 · Hybrid

2 weeks ago

Application Security Engineer

Oneleet · US · Remote

3 weeks ago

Application Security Engineer

Jobskeyconsultancy · Hyderabad · Hybrid, Onsite

3 weeks ago

Application Security Engineer

Wrike · Estonia - Remote · Remote

3 weeks ago

Application Security Engineer

Wrike · Nicosia · Remote

3 weeks ago

Application Security Engineer

Rockstargames · Leeds, England, United Kingdom · Onsite

3 weeks ago

Application Security Engineer

Intercom · London, England +1

3 weeks ago

Application Security Engineer

MicroStrategy · Tysons Corner, VIRGINIA, United States · Onsite

3 weeks ago

Application Security Engineer

Intercom · Dublin, Ireland

3 weeks ago

Application Security Engineer

Bugcrowd · Remote - Brazil +1 · Remote

3 weeks ago

Application Security Engineer

Iqvia · Porto Salvo, Portugal

1 month ago

Application Security Engineer

Forcepoint · Flex - Cork, Ireland · Hybrid

1 month ago

Application Security Engineer

Forcepoint · Flex - Cork, Ireland · Hybrid

1 month ago
Application Security Engineer at Interact Software | Hiring.Camp