Application Security Engineer
On-site
Full Time
At WOO, we operate the centralized exchange WOO X and the decentralized platform WOOFi, providing users with top-tier liquidity and competitive trading execution. Our team of 170 professionals spans 12 cities worldwide, and we are currently looking for a Senior Application Security Engineer to join our security team to help protect our assets and uphold our commitment to integrity and innovation.
Responsibilities
- Define security controls and design requirements throughout the software development lifecycle.
- Conduct regular application security testing and establish checkpoints to ensure uniform security standards.
- Perform source code audits and identify effective solutions for various security vulnerabilities.
- Collaborate with development teams to integrate SAST and DAST tools into the software lifecycle.
- Apply knowledge of penetration testing and security testing techniques.
- Utilize your understanding of cryptography and encryption algorithms to secure our products.
- Investigate vulnerability reports and support broader security initiatives like threat modeling and audits.
Must-haves
- At least 5 years of professional experience in a security-focused role.
- Proven ability to automate security tests within cloud-based CI/CD pipelines, such as Jenkins or GitLab-CI.
- Hands-on experience with SAST, DAST, and SCA tools like Snyk, Checkmarx, Fortify, AppScan, or Acunetix.
- Strong background in designing security features, including access control, session management, and input validation.
- A self-motivated mindset with the ability to solve problems independently and work effectively across teams.
- Proficiency in English.
- A bachelor’s degree in computer science, cybersecurity, or a related field, or equivalent practical experience.
Nice-to-haves
- Experience working with applications deployed in GCP and K8S environments.
- Familiarity with common attack vectors and conducting your own penetration tests.
- Working knowledge of public and private key cryptography.
- Professional certifications such as OSCP or a history of obtaining CVE numbers.
Benefits
- Remote work flexibility.
- A supportive, collaborative team environment.
- Performance-based annual bonuses for all contributors.





