Application Security Engineer

About the role

Swapcard is looking for an Application Security Engineer to strengthen the security of its AI‑powered event platform. You will work remotely with a global team of developers, product owners and security specialists to embed security throughout the software development lifecycle.

Key responsibilities

• Own and manage the Bug Bounty program: triage reports, validate findings and reproduce proofs of concept.
• Collaborate with developers and product owners to propose and implement remediation for security issues.
• Write or review pull requests that fix vulnerabilities directly in the codebase.
• Validate external penetration‑test results and integrate findings into the development backlog.
• Contribute to threat modeling, code reviews and security design discussions.
• Support the Secure Development Lifecycle, including SAST, dependency scanning and security automation in CI/CD pipelines.
• Perform lightweight pentesting of new features and releases when needed.
• Maintain clear documentation for AppSec processes and coordinate security communication across teams.

Required profile

• Previous experience as a developer on any modern backend or frontend stack.
• Hands‑on security experience through bug bounty programs, CTFs or pentesting, using tools such as Burp Suite.
• Solid understanding of common application vulnerabilities (OWASP Top 10, SSRF, IDOR, etc.).
• Familiarity with SAST/DAST tools like SonarQube or Snyk.
• Experience collaborating with developers and product teams and a strong “find and fix” mindset.

Required skills

• Bug Bounty program management
• Burp Suite
• OWASP Top 10 knowledge
• SAST and DAST tools (SonarQube, Snyk)
• CI/CD platforms (Jenkins, GitLab CI)
• Infrastructure‑as‑code tools (Terraform, Helm)
• Web Application Firewalls and anti‑bot solutions
• Security automation and developer enablement