Application Security Engineer (Stockbit)
Posted: 6 days ago
Job Description
At Stockbit & Bibit, we prioritize the security of our applications and the data of our users. As an Application Security Engineer, you'll play a key role in ensuring the security and integrity of our products, from mobile apps to backend systems, by working closely with our product and engineering tribes.

You'll be directly involved in embedding security practices into our SDLC, partnering with each tribe to identify potential risks early, and helping teams design and build securely by default.

Why Join Us?
You'll be part of a growing security culture that believes in collaboration over gatekeeping — working directly with engineers and product teams to make security a shared responsibility. You'll also have the opportunity to shape how AppSec operates across multiple tribes and influence security strategy at scale.

What You'll Do
- Embed with Product Tribes: Collaborate closely with engineers, QA, and product managers to ensure security considerations are part of every development stage (SDLC)
- Secure Code Review: Review application code (mainly Golang and JavaScript) to identify and mitigate vulnerabilities such as SQLi, XSS, CSRF, and IDOR
- Security Testing: Conduct penetration testing, vulnerability scanning, and static/dynamic analysis to proactively uncover weaknesses across web, mobile, and backend services
- Threat Modeling: Partner with teams to assess potential threats and design effective mitigations
- Bug Bounty Management: Triage, validate, and coordinate resolution for bug reports submitted by external researchers
- Security Architecture Guidance: Provide input on secure design patterns, ensuring security is built into architecture and deployments
- Incident Response: Support investigation and remediation of application-related security incidents, minimizing impact and improving detection/prevention mechanisms
- Security Awareness: Promote secure coding practices within the tribes through knowledge-sharing, internal training, and playbooks
- Stay Current: Keep up with the latest vulnerabilities, frameworks, and attack vectors to continuously strengthen our defenses

Requirements
What We're Looking For
- Strong understanding of web and mobile security fundamentals
- Hands-on experience with penetration testing and secure code review
- Familiarity with Golang and JavaScript (Stockbit's main tech stack)
- Experience with static/dynamic analysis tools (e.g., Burp Suite, OWASP ZAP, Snyk, etc.)
- Ability to communicate complex security concepts in a clear, practical way to developers
- Bonus: Exposure to CI/CD pipeline security, cloud security (AWS/GCP), or DevSecOps practices

Benefits
- Capital market sharing session
- Self development program
- Health insurance benefits
- Well being and counseling program