Lodgify is a fast-growing startup focused on building vacation rental software that enables property owners and managers to independently manage and market their business online. We are an international team of more than 240 people and 50 different nationalities in the heart of Barcelona, and we’ve been featured twice in Wired’s 100 Hottest European startups list.
🌟 About the role
We are seeking a talented and experienced Application Security Engineer, with a background in SaaS product development, to join our CyberSecurity team. As an Application Security Engineer, you will have the opportunity to improve the security of our Software Development Life Cycle, maintain automation workflows, review code and vulnerabilities, provide security solutions, and contribute to the overall security of our application.
🧞‍♂️ What you’ll be doing:
- Lead the Implementation of Secure Development Practices: Work on a Secure Software Development Life Cycle (SSDLC) adoption, and integrate security practices into Lodgify’s existing development methodology
- Work with our development teams by designing/reviewing technical solutions to avoid security weaknesses
- Identify tools and processes needed to implement an application security program
- Implement security-focused activities such as threat modeling, secure coding practices, code reviews, and security testing throughout the development process
- Educate and encourage developers to follow secure coding best practices
- Manage and enhance our existing bug bounty program, taking ownership of the coordination and resolution of vulnerabilities reported by external researchers. Review and understand issues, and provide guidance to our developers on how to fix them
- Optimise our WAF protection against common Web Application vulnerabilities and attacks (Cloudflare)
- Contribute to improving the security of our public API, providing security recommendations and solutions.
👩‍🚀 Technical requirements:
- Minimum of 3 years of experience in a similar Application Security Engineer role, preferably in a SaaS company
- In-depth knowledge of web application security, including common vulnerabilities, attack vectors, and mitigation techniques
- Solid knowledge of OWASP Top 10 and understanding of OWASP testing guide
- Demonstrated experience identifying security issues through code review
- Demonstrated experience in deploying SAST and DAST solutions and verifying their results
- Experience with programming languages (e.g. .NET, ReactJS, Flutter, Python, Bash)
- Familiar with API security tools and processes
- Ability to work collaboratively with cross-functional teams, including developers, QAs and DevOps engineers
- Strengthening security culture: Able to inculcate a security culture among development teams
- Excellent interpersonal and verbal communication skills.
Good to have:
- Experience with WAF administration (Cloudflare)
- Familiar with code management systems, CI/CD, Kubernetes, and microservices architecture
- Familiar with managing external penetration testing processes and results
- Basic knowledge of public cloud platforms (GCP, AWS)
- Experience in assessing and securing mobile applications.
– Work from home flexibility.
– Permanent contract with a competitive salary.
– 25 working days of paid vacation.
– Private health insurance (that includes travel insurance, dental plan, and psychologist)
– Monthly meal stipends of 150€.
– Allowance for your home-office setup.
– Computer and gadgets for your daily work.
– Free Spanish classes.
– Referral program with paid compensation.
– Daily breakfast at the office: Coffee, sandwiches, cookies, fruits and much more!
– Opportunities for growth and development with a training budget.
– Great culture & working environment with an international team of over 40 different nationalities.
– Jornada Intensiva in August.
– Mental well-being.
– Regular team-building events and activities.
– Training and mentorship program.
– Yearly performance reviews.
– Sick leave fully covered.
⭐ Why you’ll love us:
You’ll be part of a growing, dynamic company with a truly international team. At Lodgify, we are full of contagious energy, hard work, and passion for what we do. Lodgify is committed to creating a workplace where everyone is heard and feels a sense of belonging.
We are proud to have an international team that acknowledges a variety of backgrounds, perspectives and skills. At Lodgify, we celebrate diversity and difference, and we are strongly committed to building an inclusive environment for all our employees.
All applications must be submitted in English. Applications in any other language will not be considered.