Application Security Engineer

Application Security Engineer (Remote)

About Nebius:

Nebius is at the forefront of cloud infrastructure for the global AI economy, developing a full-stack AI cloud platform. We empower developers and enterprises with seamless data and model training to production deployment, eliminating the need for complex in-house AI/ML infrastructure. Founded by engineers, for engineers, we tackle challenging problems across compute, storage, networking, and applied AI, from large-scale GPU orchestration to inference optimization. Headquartered in Amsterdam and listed on Nasdaq (NBIS), Nebius has a global presence with R&D hubs across Europe, the UK, North America, and Israel, employing over 1,500 professionals, including hundreds of engineers with deep expertise.

About the Role

The Security Engineering Team, part of the Platform Security organization, is responsible for the strategic selection, implementation, management, and optimization of cybersecurity tools and technologies. This team plays a crucial role in enhancing the organization's security posture, proactively identifying and responding to threats, and ensuring the resilience and protection of critical data, systems, and services.

We are seeking an experienced Application Security Engineer to ensure the security of our software. You will be responsible for identifying and mitigating vulnerabilities, implementing security best practices, and collaborating closely with development teams. The ideal candidate possesses a strong foundation in secure coding, vulnerability assessment, and penetration testing.

Key Responsibilities

• Build and maintain Application Security Posture Management (ASPM) tools and their associated rules.
• Identify, analyze, and remediate application security vulnerabilities using tools such as ASPM.
• Collaborate with development teams to integrate security best practices throughout the software development lifecycle (SDLC).
• Conduct manual and automated penetration testing of applications.
• Develop and maintain secure coding guidelines for development teams.
• Facilitate threat modeling and risk assessments for new and existing applications.
• Stay current with the latest security threats, vulnerabilities, and mitigation techniques.
• Act as an application security subject matter expert for other teams.

Requirements

• 4+ years of experience in application security.
• Strong understanding of common application security risks (e.g., OWASP Top 10) and their mitigation strategies.
• Experience with secure coding practices in languages such as Python, Go, Java, or JavaScript.
• Proficiency in a common programming language (e.g., Go or Python), with a willingness to learn Go if necessary.
• Hands-on experience with security testing tools (e.g., Burp Suite, ZAP, Semgrep).
• Understanding of authentication protocols such as SAML or OIDC.
• Experience conducting threat-modeling sessions.
• Strong problem-solving and analytical skills.
• Good written and verbal communication skills in English.
• A proactive and independent work ethic.
• A strong desire for continuous learning.

Desirable Qualifications

• Experience in designing, building, and maintaining security automation.
• Experience translating compliance and regulatory requirements into technical specifications.
• Experience exploiting vulnerabilities in web applications, Linux kernels, containers, and networks.
• Security certifications such as OSCP or OSWE.
• Confidence in presenting ideas and responding constructively to feedback.

Please note that coding interviews are part of our selection process.

What We Offer

• Competitive compensation package (Base compensation range: €75,000 - €240,000 EUR, determined by factors including experience, skills, qualifications, and location).
• Opportunities for career growth and continuous learning.
• Flexibility and a sense of ownership in your work.
• A collaborative and innovative work culture.
• The chance to work on impactful AI projects.
• An international environment with talented teams.

Nebius is an equal opportunity employer committed to fostering an inclusive and diverse workplace. Applicants must be authorized to work in their chosen country of employment.