Application Security Engineer

Job not on LinkedIn

🔥 0 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Greenlight Planet

WebsiteLinkedInAll Job Openings

1001 - 5000 employees

Founded 2009

⚡ Energy

🌍 Social Impact

👥 B2C

Energy • Social Impact • B2C

Greenlight Planet is a company that has transitioned to the brand Sun King. It specializes in designing, distributing, installing, and financing solar energy solutions, specifically for the 1. 8 billion people without reliable electricity access. The company provides a range of solar products, such as lanterns, home systems, and AC electricity systems, to meet diverse power needs across Africa and Asia. Sun King's solutions facilitate off-grid power access, offering reliable and sustainable energy alternatives to traditional power sources. The company operates on a global scale, including in regions such as East Africa, South Asia, and Oceania, and also provides pay-as-you-go financing options to make solar energy more accessible and affordable.

📋 Description

• Own Application security responsibility for assigned business functions by performing threat modeling, architecture reviews, penetration testing, secure coding programs, and vulnerability management. • Perform manual penetration testing and vulnerability assessments on web applications, APIs, and android mobile applications • Perform security reviews for AI‑native products, models, pipelines, and inference services. • Onboard applications into the SSDLC program and be a security point of contact for the application product. • Own security incident response for product-layer issues, define remediation plans, and track fixes through to closure • Integrate and tune SAST/DAST/IAST/SCA tools in CI/CD, create custom rules where needed and actively triage false positives. • Review and harden cloud infrastructure — Kubernetes RBAC, pod security, network policies, Istio service mesh, Keycloak/OIDC configurations, and IAM across AWS, DigitalOcean, GCP, and Firebase • Communicate vulnerabilities and risk clearly to developers, product managers, and leadership — in language that drives actionable results • Conduct Application security trainings for engineers, product managers etc

🎯 Requirements

• 2–4 years of hands-on application security experience, ideally in product‑based or SaaS companies working directly with engineering teams. • Solid understanding of OWASP Top 10, API Security Top 10, and common authorization flaws including BOLA, BFLA, and privilege escalation • Familiarity with security compliance and data privacy frameworks relevant to fintech (SOC 2, PCI-DSS, GDPR, DPDP or similar) is an advantage • Perform manually testing web apps, APIs, and Android apps, manual code reviews (beyond just running tools). • Familiarity with OAuth2, OIDC, JWT, and typical misconfigurations in providers such as Keycloak and Firebase. • Experience integrating and tuning SAST/DAST (and optionally SCA/IAST) tools within CI/CD pipelines. • Exposure to cloud‑native security: Kubernetes, containers, service mesh (Istio mTLS and policies), and IAM concepts across at least one major cloud provider. • Experience with Cloudflare WAF, perimeter security scanning, and/or red‑team testing is a plus. • Familiarity with AI/LLM security risks (e.g., OWASP LLM Top 10). • Practical experience implementing guardrails, prompt validation, output filtering, or other safety controls in production AI features, or assessing insecure use of third‑party AI APIs. • Ability to script/automate (e.g., Python, Bash) to streamline testing, data collection, and reporting. • Interest in or experience with building AI based security tools that improve coverage or reduce manual toil. • Keep abreast of the latest security vulnerabilities and security trends • Work in a low supervision environment with high accountability • Bachelor's degree in Computer Science, Cyber Security is preferred • At least 2 years of experience in the Application security domain. • Security certification such as OSCP, OSWE, GWAPT, GPEN, CRTP is preferred; active bug bounty participation is a strong plus • Outstanding communication and interpersonal skills, with the ability to engage effectively with diverse stakeholders.

🏖️ Benefits

• Professional growth in a dynamic, rapidly expanding, high-social-impact industry • An open-minded, collaborative culture made up of enthusiastic colleagues who are driven by the challenge of innovation towards profound impact on people and the planet. • A truly multicultural experience: you will have the chance to work with and learn from people from different geographies, nationalities, and backgrounds. • Structured, tailored learning and development programs that help you become a better leader, manager, and professional through the Sun King Center for Leadership.