Turkey, Istanbul remote Employment

Constructor is hiring an Application Security Engineer

About the Role

Role Overview

As an Application Security Engineer, you will play a central role in safeguarding our software ecosystem by embedding security into every phase of development. Your work will directly influence the resilience of web applications and APIs, ensuring robust protection against emerging threats.

Key Responsibilities

  • Lead threat modeling sessions and conduct architecture reviews to identify and mitigate risks in application design.
  • Perform hands-on security testing—both manual and automated—across development and pre-deployment stages.
  • Build and maintain secure development pipelines by integrating SAST and DAST tools into CI/CD workflows.
  • Establish and oversee processes for generating, analyzing, and using Software Bills of Materials (SBOMs) based on standards like CycloneDX and SPDX.
  • Work closely with engineering teams to prioritize and resolve security findings efficiently.
  • Develop and deliver security best practices aligned with OWASP guidelines, including developer training and secure coding guidance.
  • Monitor the threat landscape and adapt tooling and processes to address new vulnerabilities and attack techniques.

Required Qualifications

  • 3–5 years of hands-on experience in application security, particularly with web applications and RESTful APIs.
  • Proficiency in at least one programming or scripting language such as Python, JavaScript, C#, or Go.
  • Experience using security tools including OWASP ZAP, Burp Suite, or Snyk.
  • Familiarity with secure coding principles, DevSecOps practices, and container-based security.
  • Strong grasp of CVE, CVSS scoring, and vulnerability management workflows.
  • Fluent in business English, both written and verbal.

Preferred Qualifications

  • Experience with SBOM standards such as CycloneDX or SPDX and integrating SBOM tooling into CI/CD environments.
  • Background in software composition analysis (SCA) and managing third-party risk.

Technology Environment

You’ll work with tools and practices including OWASP ZAP, Burp Suite, Snyk, SAST and DAST solutions, CI/CD integration, and SCA platforms to enforce security at scale.

Required Skills
OWASP ZAP, Burp Suite, Snyk, SAST, DAST, CI/CD pipelines, CycloneDX, SPDX, SCA tools, secure coding, DevSecOps, container security, CVE, CVSS, vulnerability disclosure
About company
Constructor
Constructor’s mission is to enable all educational organisations to provide high-quality digital education to 10x people with 10x efficiency. With strong expertise in machine intelligence and data science, Constructor’s all-in-one platform for education and research addresses today’s pressing educational challenges: access inequality, tech clutter, and low engagement of students.
Job Details
Category security
Posted 3 hours ago