Nebius
Application Security Engineer
Job Summary
The role involves ensuring the security of software by identifying vulnerabilities, implementing best practices, and collaborating with development teams throughout the SDLC. The ideal candidate has over 4 years of experience in application security, with strong knowledge of security risks like OWASP Top 10, and proficiency in programming languages such as Python or Go. Responsibilities include conducting penetration testing, developing secure coding guidelines, and facilitating threat modeling. The position offers opportunities for professional growth within a collaborative and innovative environment, with benefits including competitive compensation and hybrid work arrangements.
Required Skills
Benefits
Job Description
Why work at Nebius
Nebius is leading a new era in cloud computing to serve the global AI economy. We create the tools and resources our customers need to solve real-world challenges and transform industries, without massive infrastructure costs or the need to build large in-house AI/ML teams. Our employees work at the cutting edge of AI cloud infrastructure alongside some of the most experienced and innovative leaders and engineers in the field.
Where we work
Headquartered in Amsterdam and listed on Nasdaq, Nebius has a global footprint with R&D hubs across Europe, North America, and Israel. The team of over 800 employees includes more than 400 highly skilled engineers with deep expertise across hardware and software engineering, as well as an in-house AI R&D team.
The Role
The Security Engineering Team within the Platform Security organization is responsible for the strategic selection, implementation, management, and optimization of cybersecurity tools and technologies that improve security capabilities of the organization's platform. This team is instrumental in fortifying the security posture, proactively identifying and responding to security threats, ensuring the resilience and protection of critical data, systems, and services.
We are looking for an Application Security Engineer who will ensure the security of our software by identifying and mitigating vulnerabilities, implementing best security practices, and collaborating with development teams. The ideal candidate will have a strong background in secure coding, vulnerability assessment, and penetration testing.
Your responsibilities will include:
-
Build and maintain ASPM tools and their rules.
-
Identify, analyze, and remediate application security vulnerabilities using tools like ASPM.
-
Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC).
-
Conduct manual and automated penetration testing of applications.
-
Develop and maintain secure coding guidelines for development teams.
-
Facilitate threat modeling and risk assessments on new and existing applications.
-
Stay updated on the latest security threats, vulnerabilities, and mitigation techniques.
-
Serve as an application security subject matter expert to other teams.
We expect you to have:
-
4+ years of experience in application security.
-
Strong knowledge of common application security risks (e.g. OWASP Top 10) and how to mitigate them.
-
Experience with secure coding practices in languages such as Python, Go, Java, or JavaScript.
-
Proficiency in a common programming language (such as Go or Python) with a willingness to learn Go, if necessary.
-
Hands-on experience with security testing tools (Burp Suite, ZAP, Semgrep, etc.).
-
Understanding of authentication protocols like SAML or OIDC.
-
Experience in conducting threat-modeling sessions.
-
Strong problem-solving and analytical skills.
-
Good written and verbal communication skills in English.
-
Willingness to learn new things.
-
Being comfortable working independently.
It would be an added bonus if you had:
- Confidence in presenting your ideas and opinions in a manner that can be challenged, while responding well to feedback.
-
Experience in designing, building, and maintaining security automation.
-
Experience in translating compliance and regulation requirements into technical specifications.
-
Experience in exploiting vulnerabilities in web applications, Linux kernels, containers, and networks.
-
Security certifications such as OSCP or OSWE.
We conduct coding interviews as part of the process.
What we offer
- Competitive salary and comprehensive benefits package.
- Opportunities for professional growth within Nebius.
- Hybrid working arrangements.
- A dynamic and collaborative work environment that values initiative and innovation.
We’re growing and expanding our products every day. If you’re up to the challenge and are excited about AI and ML as much as we are, join us!
Nebius
Discover the most efficient way to build, tune and run your AI models and applications on top-notch NVIDIA® GPUs.
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.