Application Security Engineer

We’re looking for Application Security Engineers to help secure our clients’ software products and development pipelines. The ideal candidates have a solid foundation in secure coding practices, understand common vulnerabilities, and can work closely with development and DevOps teams to integrate security throughout the SDLC.

You’ll serve as hands-on contributors, helping developers build secure code, reviewing design and implementation, and automating security testing to enable continuous delivery of secure software.

Key Responsibilities

• Conduct secure code reviews, threat modeling, and application security assessments for web, mobile, and API-based applications.
• Integrate and maintain security tools (e.g., SAST, DAST, SCA, container scanning) within CI/CD pipelines.
• Collaborate with developers to triage, remediate, and verify vulnerabilities identified through automated tools or penetration tests.
• Provide security guidance during design and code reviews, promoting secure design patterns and coding best practices.
• Develop and maintain secure coding standards, playbooks, and automation scripts to streamline security testing.
• Partner with the GRC and Risk teams to ensure compliance with corporate and regulatory security requirements (e.g., ISO 27001, SOC 2, OWASP, GDPR).
• Support developer enablement through security training and awareness sessions.
• Stay current on emerging security threats, frameworks, and technologies relevant to the software development lifecycle.

Required Qualifications

• 2–5 years of experience in Application Security, Secure Development, or related areas.
• Strong understanding of OWASP Top 10, CWE, and SANS Top 25 vulnerabilities.
• Experience with SAST/DAST/SCA tools such as Polaris (Synopsys), Checkmarx, Veracode, Fortify, SonarQube, or similar.
• Familiarity with CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins, Azure DevOps).
• Working knowledge of one or more programming languages such as Java, JavaScript/TypeScript, Python, C#, or Go.
• Understanding of cloud platforms (AWS, GCP, or Azure) and their security models.
• Ability to communicate clearly with both technical and non-technical stakeholders.

Preferred Qualifications

• Bachelor’s degree in computer science, Information Security, Business Information Systems, or equivalent practical experience.
• Experience with container and Kubernetes security.
• Hands-on experience with threat modelling and API security testing.
• Familiarity with Infrastructure as Code (IaC) security (e.g., Terraform, CloudFormation).
• Relevant certifications such as OSWE, GWAPT, CSSLP, CEH, or similar.

Soft Skills

• Strong analytical and problem-solving skills.
• Collaborative mindset and ability to influence developers and DevOps engineers.
• Continuous learner who stays up to date with evolving application security trends.

What we offer:

• Company training and excellent opportunities for professional and career growth
• Challenging and interesting projects
• Professional, positive and team-oriented working environment
• Competitive salary and comprehensive employee benefit program
• Central office location and remote working possibilities

Only short-listed candidates will be contacted.

“PricewaterhouseCoopers Bulgaria EOOD, or PwC Legal Bulgaria Partnership, or PricewaterhouseCoopers Audit OOD, which runs a recruitment process, with its seat and registered address in 9-11 Maria Louisa Blvd., Sofia 1301, Bulgaria („PwC” or “we”) will be the controller of your personal data submitted in your application for a job. Your personal data will be processed for the purpose of performing a recruitment process for the job offered. If you give us explicit consent, your personal data will be also processed for participation in further recruitment processes conducted by PwC and sending notifications about job offers in PwC or job related events organized or with the participation of PwC such as career fair. Full information about processing your personal data is available in our Privacy statement.”