Infiterra is hiring a Senior Application Security Engineer (Spain)

About the Role

Role details below.

Responsibilities

• Embed security into the SDLC
• Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance
• Partner closely with engineering teams to ensure secure development practices are applied consistently
• Review security controls for new features, services, and architectural changes
• Run threat modeling sessions (e.g. STRIDE) for new and existing systems
• Identify threats, attack paths, misconfigurations, and insecure design patterns
• Collaborate with engineers to ensure systems follow secure-by-design principles
• Perform security-focused code reviews to identify vulnerabilities and risky implementations
• Provide clear, actionable guidance on secure coding patterns and best practices
• Assess application and system architectures from a security perspective
• Perform manual and automated web application security testing (e.g. injection flaws, auth issues, access control gaps, insecure configs, logic flaws)
• Operate, tune, and improve AppSec tooling (SAST, DAST, SCA, secrets scanning, dependency scanning)
• Integrate and automate security checks within CI/CD pipelines
• Identify gaps in tooling and recommend or introduce improvements
• Support engineering teams during application security incidents or vulnerability disclosures
• Contribute to triage, impact assessment, and root cause analysis
• Ensure lessons learned are fed back into design, tooling, and processes
• Enable engineers through training, documentation, and hands-on guidance
• Create and maintain secure coding guidelines, checklists, and internal resources
• Act as a trusted security partner, not a blocker

Requirements

• Strong understanding of secure software development principles
• Solid knowledge of common vulnerability classes (OWASP Top 10, CWE)
• Experience working within modern SDLCs and agile development workflows
• Hands-on experience with application security tools (SAST, DAST, SCA, etc.)
• Experience integrating security tooling into CI/CD pipelines
• Experience with web application security testing
• Ability to assess risk pragmatically and prioritize remediation
• Understanding of cloud-native architectures, APIs, and microservices
• Background working closely with product and engineering teams

Nice to Have

• Exposure to security metrics, maturity models, or AppSec program building

Benefits

• Fully remote work
• Work-from-anywhere scheme (travel and work)
• Flexible working hours
• Health and life insurance program
• Learning & development budget
• Tech-driven, friendly team with a international mindset

Work Arrangement

Remote (Country)