Application Security Engineer (DevSecOps)

Location: Remote Contract Duration: 6 months (with possibility of extension) Contract details: B2B/ PFA or SRL Role Overview We are looking for an Application Security Engineer to enable secure-by-default delivery of applications and AI-enabled services, while maintaining high engineering velocity. The role focuses on embedding security into CI/CD pipelines , enabling automated and scalable security controls, and working closely with engineering teams to ensure security findings are actionable, prioritized, and do not slow down delivery. Key Responsibilities DevSecOps Enablement Ensure DevSecOps pipelines are onboarded and operationalized with appropriate security tooling, including: SCA (Software Composition Analysis) SAST (Static Application Security Testing) DAST (Dynamic Application Security Testing) Provide consistent, automated application security coverage across builds and releases. Support teams in integrating security controls into existing CI/CD workflows with minimal friction. Application & AI Security Reduce application and AI-specific security risks by embedding secure design and implementation patterns for: agent orchestration APIs and service integrations model interactions and data flows Advise engineering teams on secure architecture and implementation best practices for modern and AI-enabled applications. Security Tooling & Adoption Enable rapid adoption of application security tooling (e.g. Checkmarx, Aikido, or similar). Ensure security findings are: actionable properly prioritized trusted by engineering teams Provide clear remediation guidance and support teams in resolving identified vulnerabilities. Security Quality & Release Governance Define and enforce security quality gates and risk thresholds within CI/CD pipelines. Enable informed release decisions based on risk, without introducing manual approvals or delivery bottlenecks. Continuously improve security controls based on threat trends, engineering feedback, and lessons learned. Required Skills & Experience Application Security & DevSecOps Proven experience in Application Security Engineering or DevSecOps roles Strong understanding of: secure application design principles OWASP Top 10 common web and API vulnerabilities Hands-on experience implementing and operating SAST, DAST, and SCA tooling CI/CD & Engineering Collaboration Experience working with modern CI/CD pipelines (e.g. GitHub Actions, GitLab CI, Azure DevOps, Jenkins) Ability to embed security controls into pipelines without slowing development teams Strong collaboration skills with software engineers and platform teams Tooling & Automation Experience with application security tools such as: Checkmarx Aikido or equivalent AppSec platforms Ability to automate security checks and integrate findings into developer workflows Nice-to-Have Experience securing AI or ML-enabled applications Familiarity with container and cloud-native environments Knowledge of infrastructure-as-code security concepts Experience defining risk-based release criteria in large engineering organizations