Infiterra is hiring an Application Security Engineer to embed security into how we design, build, and operate software as part of everyday engineering. You will work hands-on with product and engineering teams to identify risks early, improve secure-by-design practices, and continuously raise the bar of our application security posture.
What You'll Do
- Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance.
- Partner closely with engineering teams to ensure secure development practices are applied consistently.
- Review security controls for new features, services, and architectural changes.
- Run threat modeling sessions for new and existing systems.
- Identify threats, attack paths, misconfigurations, and insecure design patterns.
- Collaborate with engineers to ensure systems follow secure-by-design principles.
- Perform security-focused code reviews to identify vulnerabilities and risky implementations.
- Provide clear, actionable guidance on secure coding patterns and best practices.
- Assess application and system architectures from a security perspective.
- Perform manual and automated web application security testing.
- Operate, tune, and improve AppSec tooling (SAST, DAST, SCA, secrets scanning, dependency scanning).
- Integrate and automate security checks within CI/CD pipelines.
- Identify gaps in tooling and recommend or introduce improvements.
- Measure the maturity and effectiveness of the AppSec program.
- Track and report security metrics.
- Drive continuous improvements based on findings, audits, and industry best practices.
- Support engineering teams during application security incidents or vulnerability disclosures.
- Contribute to triage, impact assessment, and root cause analysis.
- Ensure lessons learned are fed back into design, tooling, and processes.
- Enable engineers through training, documentation, and hands-on guidance.
- Create and maintain secure coding guidelines, checklists, and internal resources.
- Act as a trusted security partner, not a blocker.
What We're Looking For
- Strong understanding of secure software development principles.
- Solid knowledge of common vulnerability classes (OWASP Top 10, CWE).
- Experience working within modern SDLCs and agile development workflows.
- Hands-on experience with application security tools (SAST, DAST, SCA, etc.).
- Experience with web application security testing.
- Ability to assess risk pragmatically and prioritize remediation.
- Understanding of cloud-native architectures, APIs, and microservices.
Nice to Have
- Experience integrating security tooling into CI/CD pipelines.
- Background working closely with product and engineering teams.
- Exposure to security metrics, maturity models, or AppSec program building.
Benefits & Compensation
- Fully remote work.
- Work-from-anywhere scheme (travel and work).
- Flexible working hours.
- Health and life insurance program.
- Learning & development budget.
- Tech-driven, friendly team with an international mindset.
Work Mode
This is a global, fully remote position.
As part of our commitment to diversity in the workforce, Infiterra is dedicated to Equal Employment Opportunity, ensuring that all individuals are treated with respect and consideration without regard to race, color, national origin, ethnicity, gender, disability, sexual orientation, gender identity, or religion.
