Application Security Engineer (DevSecOps)

About the role

We are looking for a freelance Application Security Engineer to help our development teams embed security into their daily workflows. You will work across multiple engineering groups to implement and maintain DevSecOps practices and tooling.

Key responsibilities

• Support development teams in adopting secure development and DevSecOps practices.
• Manage and configure application security tooling used across engineering teams.
• Perform secure code reviews using SAST solutions.
• Review third‑party libraries and dependencies through SCA tooling.
• Maintain and improve automated security scanning infrastructure.
• Monitor vulnerability assessments and follow up on remediation activities.
• Coach developers on secure coding practices and application security standards.
• Deliver awareness and training sessions on common security weaknesses.
• Maintain security policies, development guidelines, and compliance rules.
• Support technical investigations related to application security risks and incidents.
• Produce reporting and dashboards related to vulnerabilities and security posture.

Required profile

• Experience in software development or DevOps engineering.
• Strong interest in application security and secure SDLC.
• Good understanding of Agile, CI/CD, and DevOps environments.
• Ability to communicate effectively with developers, architects, testers, and management.
• Analytical mindset with a proactive attitude.
• Excellent English communication skills.

Required skills

• SAST tools
• SCA tools
• GitLab
• Jenkins
• Maven
• Docker
• CI/CD pipeline management
• Agile development practices
• Penetration testing or security testing methodologies
• Network security fundamentals
• Mobile application security (nice to have)
• OWASP principles and secure coding standards