Application Security Engineer

About the Infiterra

Join our mission to grow and transform the subscription economy by simplifying subscription service delivery.

Infiterra’s B2B SaaS platform helps IT Distributors and Managed Service Providers (MSPs) automate and grow their subscription business. With 100+ customers in 75 countries, we're recognized for innovation and global impact—and we’re just getting started. We foster a collaborative and growth-oriented culture, allowing you to be part of a dynamic, forward-thinking team.

About the role

We’re looking for an Application Security Engineer to embed security into how we design, build, and operate software; not as an afterthought, but as part of everyday engineering. You’ll work hands-on with product and engineering teams to identify risks early, improve secure-by-design practices, and continuously raise the bar of our application security posture. This is a practical AppSec role: close to the code, close to the architecture, and deeply integrated into the SDLC.

What you’ll do

Embed security into the SDLC

• Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance.
• Partner closely with engineering teams to ensure secure development practices are applied consistently.
• Review security controls for new features, services, and architectural changes.

Threat modeling & secure design

• Run threat modeling sessions (e.g. STRIDE) for new and existing systems.
• Identify threats, attack paths, misconfigurations, and insecure design patterns.
• Collaborate with engineers to ensure systems follow secure-by-design principles.

Secure code & architecture reviews

• Perform security-focused code reviews to identify vulnerabilities and risky implementations.
• Provide clear, actionable guidance on secure coding patterns and best practices.
• Assess application and system architectures from a security perspective.

Security testing & tooling

• Perform manual and automated web application security testing (e.g. injection flaws, auth issues, access control gaps, insecure configs, logic flaws).
• Operate, tune, and improve AppSec tooling (SAST, DAST, SCA, secrets scanning, dependency scanning).
• Integrate and automate security checks within CI/CD pipelines.
• Identify gaps in tooling and recommend or introduce improvements.

Continuous improvement & metrics

• Measure the maturity and effectiveness of the AppSec program.
• Track and report security metrics (e.g. vulnerability trends, coverage, remediation progress).
• Drive continuous improvements based on findings, audits, and industry best practices.

Incident response support

• Support engineering teams during application security incidents or vulnerability disclosures.
• Contribute to triage, impact assessment, and root cause analysis.
• Ensure lessons learned are fed back into design, tooling, and processes.

Security awareness & enablement

• Enable engineers through training, documentation, and hands-on guidance.
• Create and maintain secure coding guidelines, checklists, and internal resources.
• Act as a trusted security partner, not a blocker.

Requirements

Core requirements

• Strong understanding of secure software development principles.
• Solid knowledge of common vulnerability classes (OWASP Top 10, CWE).
• Experience working within modern SDLCs and agile development workflows.
• Hands-on experience with application security tools (SAST, DAST, SCA, etc.).
• Experience with web application security testing.
• Ability to assess risk pragmatically and prioritize remediation.
• Understanding of cloud-native architectures, APIs, and microservices.

Nice to have

• Experience integrating security tooling into CI/CD pipelines.
• Background working closely with product and engineering teams.
• Exposure to security metrics, maturity models, or AppSec program building.

Benefits

• A tech-passionate team with a friendly culture and an international breed.
• Fully remote work.
• Flexible working hours.
• Work-from-anywhere scheme (travel and work).
• Learning & development budget.

If you feel you’re a great fit, please apply!
We’d love to hear from you!

All applications will be treated with confidentiality.
Please note that due to the high volume of CVs received, only candidates who are a good fit will be contacted for an interview.

As part of our commitment to diversity in the workforce, Infiterra is dedicated to Equal Employment Opportunity, ensuring that all individuals are treated with respect and consideration without regard to race, color, national origin, ethnicity, gender, disability, sexual orientation, gender identity, or religion.