Application Security Engineer

🕒 June 30

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of PandaDoc

PandaDoc

501 - 1000 employees

Founded 2011

☁️ SaaS

🤝 B2B

⚡ Productivity

💰 Series C on 2021-09

SaaS • B2B • Productivity

PandaDoc is a comprehensive document management solution that helps businesses streamline their document workflows. It offers a range of features including custom agreement generation, eSignatures, CPQ (configure, price, quote) capabilities, and real-time collaboration tools. PandaDoc is designed for ease of use, enabling teams to automate document creation and management processes, thus improving efficiency and reducing errors. The platform integrates with popular CRM systems, payment gateways, and other tools to facilitate seamless business operations. Focused on security and compliance, PandaDoc supports legal and secure electronic transactions, making it ideal for businesses looking to optimize their agreement management processes.

📋 Description

• Review, test, and monitor our applications to identify security weaknesses • Manage vulnerabilities from discovery through remediation, working directly with engineering teams to resolve them • Respond to infrastructure security alerts and perform hardening, including reviewing roles and permissions across services and APIs • Participate in incident response and root cause analysis • Analyze and monitor relevant security threats and prevention measures based on industry trends and standards • Partner with product, development, and infrastructure teams to embed security requirements into how they build • Integrate and operate automated security testing across the development lifecycle, including SAST, DAST, SCA, secrets detection, container, and supply chain security • Develop security automation and tooling to scale security across engineering • Drive threat modeling and secure-by-design practices across our services • Assess our overall security posture and identify risks, providing recommendations to strengthen it • Assist in addressing emergent threats in AI security as PandaDoc deploys AI in its product and for internal use

🎯 Requirements

• 3+ years of experience with application security tools such as SAST/SCA, DAST, WAF, CI/CD security, and penetration testing • 2+ years of cloud security experience implementing security controls and best practices in AWS, GCP, or Microsoft Azure • Strong background in web application security, including common vulnerability classes (OWASP Top 10, CWE Top 25), attack vectors, and mitigations • Good understanding of access control and identity management principles (SAML 2.0, OAuth, OIDC, JWT, etc.) • Practical skills building security automation and tooling with Python, Bash, or equivalent languages • Experience implementing DevSecOps practices across the SDLC • Familiarity with containerized, Kubernetes-based environments and their security • Solid interpersonal, written, and verbal communication skills • Upper-Intermediate English level (B2+)

🏖️ Benefits

• Multisport Card for fitness and wellness activities (individual or family plan) • LuxMed healthcare coverage (individual or family plan) • UNUM life insurance protection (individual or family plan) • Onboarding benefit allowance that can be used for necessary work equipment and setup • 6 self-care days beyond standard Polish vacation entitlements • Wellness, learning and development budgets • Employees may be able to purchase company stock or receive annual bonuses.

Apply Now

Similar Jobs

🕒 April 1

WiPjobs Recruitment

11 - 50

🎯 Recruiter

🤝 B2B

Application Support Engineer involved in application layer implementation and monitoring server performance. Join a dynamic group in a flexible IT organization based in Poland.

Python

SQL

🕒 February 25

Solidgate

201 - 500

💳 Fintech

☁️ SaaS

🔌 API

Application Security Engineer ensuring secure software development at Solidgate, a fintech platform. Collaborating with engineering teams to embed security into the software development lifecycle.

Cloud