19 days ago

Application Security (AppSec) Engineer

Onsite

Full time

Lisbon, PT

PythonJavaInformation SecurityApplication SecurityPharmaceuticalGoAppSecbug bountyData PlatformmarketplaceMobilenetwork protocolsprivacyteam buildingweb applications

Job description

Joom Group is an international tech-centric group of e-commerce companies founded in 2016 in Latvia. We are here to transform the largest industry in the world, global trade, making it more transparent, efficient, and technology-driven.

Today, Joom Group brings together the following businesses: Joom, a platform for shopping from all over the world; JoomPro, the first end-to-end cross-border B2B marketplace, with successful operations in Brazil and plans to expand to other markets; JoomPulse, data platform that provides analytics and recommendations for marketplace sellers; and Onfy, a pharmaceutical marketplace in Germany. Joom Group’s offices are located in China, Brazil, Portugal, Latvia, and Germany, with headquarters in Lisbon, Portugal. We work as one international team, sharing knowledge and collaborating across countries, businesses, and products.

As we continue to grow and introduce new products and services, we become increasingly susceptible to security threats. We are currently seeking an Application Security Engineer for our infrastructure team to stay informed about current threats and ensure the security of our development and applications.

This role offers the opportunity to develop the application security direction from the ground up and achieve international certification.

We prioritize innovation over bureaucracy and legacy code and are always open to fresh ideas.

Responsibilities

Implement SSDLC with the development team
Analyze the security of the company's products
Assist teams in addressing vulnerabilities
Stay informed about current threats and develop code protections

Requirements

3+ years of experience in web/mobile application security
Experience in securing mobile and web applications
Experience in building secure development processes (SSDLC)
Experience with white box testing
Knowledge of *NIX systems and basic network protocols

Preferred

Experience in bug bounty programs
Relevant information security certifications (e.g., OSCP, CompTIA Security+)
CVE authorship
Proficiency in Go, Python, or Java

We offer

Compensation package: base salary and performance-based bonuses
Office-first: flexible hours with a possibility to work remotely 52 days per year, and 22 days of paid annual leave
Care & Wellbeing: health insurance (including dental care) for employees and their children, daily meal allowance, and 100% paid sick leave
Team & Growth: collaboration with colleagues across Portugal, Brazil, Latvia and China, with opportunities for promotions, professional trainings, and English courses
Community & Engagement: annual team building activities, knowledge-sharing workshops, and a strong sense of team work

Before applying for the above position please review our Candidate Privacy Notice here. By responding to the vacancy, you acknowledge that you have read our Privacy notice.

Good match

We match every vacancy against your profile and show a fit score — so you instantly know which ones are worth applying to. Sign up and create a resume — it's free.

Not enough data to estimate a salary range for this role in this region yet.