Application Security Engineer

At Infobip, we dream big. We value creativity, persistence, and innovation, passionately believing that it is through teamwork that we can all reach greater heights.
Since 2006, we have been innovating at the edge of technological possibilities and are now shaping global communications of the future. Through 75+ offices on six continents, Infobip’s platform is used by almost 80% of the population, making it the largest network of its kind and the only full-stack cloud communication platform globally.
Join us on our mission to create life-changing interactions between humans and online services with new and unseen solutions.

Why is this role important at Infobip?

Every great company’s success starts with having a great product. To write our success story, it is essential that our global, cloud-based products are supported with a stable infrastructure. As an Application Security Engineer, you will have an impact on security aspects of the infrastructure and full application stack which makes the Infobip platform in multiple environments (dev, staging, production), dealing with challenges of protecting the security posture of a complex multi data-center architecture and continually improving it.

You know you are doing a good job when:

• The tools owned by the security team are effectively managed and maintained, ensuring they consistently meet the Infobip platform's SLA requirements, providing a robust security posture.
• Vulnerabilities are detected early in the development lifecycle and mitigated promptly, reducing potential risks to the platform and ensuring system integrity.
• You actively help engineering teams by conducting thorough security assessments of their products, identifying, quantifying, and mitigating security flaws at all stages of the product development process.
• You collaborate closely with software development teams, taking a proactive approach to identify, fix, and prevent security bugs, enhancing the overall security of the applications.
• You produce comprehensive reports that detail your assessment findings, outcomes, and recommendations for further enhancing system security, guiding teams towards better practices.
• Security tools that aid in the detection, prevention, and analysis of threats are effectively implemented and regularly updated, ensuring they remain effective against evolving threats.

More about you:

You possess at least:

• Understanding of the OWASP Top 10, SANS 25 and/or CWE 25.
• Ability to perform penetration testing (applications, lateral movement, and network), with a focus on web applications.
• Ability to perform security audits of different internal products. 
• Ability to consult other dev teams, how to fix their code based on found vulnerabilities.
• Ability to assist code reviews.
• Knowledge of CI/CD.

You possess (the more the better):

• Familiarity with cloud infrastructure and how to conduct penetration testing activities inside a cloud environment, especially AWS/Azure.
• Understanding beyond the OWASP Top 10 by explaining the level of risk to the business.
• Experience in software development/scripting with building & integrating tools, especially by using web APIs to support automatization of security tools.
• Experience in securing a micro-service architecture.
• Can participate in the organization and follow-up of our partner external penetration testing campaigns.
• Development experience with Python, Java, .NET, JavaScript (Node/React), and/or Go.

Also:

• You have an ability to adapt fast and like working in a high-paced environment.
• You build positive, lasting relationships with colleagues in the team.
• A degree in Computer Science, IT, Systems Engineering or a related qualification.
• Security certifications, publications, and/or security project contribution is a plus.
• Experience with popular system virtualization and application containerization.
• Knowledge to participate in incident response and analysis.

Why you should consider this opportunity:

• Big and complex infrastructure – When we talk about a large system, we really mean it. We have datacenters all over the world, from Washington to Hong Kong, and they include around 200 physical and 2000+ virtual servers. Be a part of a system that is live 24/7 and generates traffic that measures in millions of messages every minute.
• Never a dull moment – We work with powerful companies with a strong impact, which pushes us to work on the highest possible level. Work on uncharted challenges and push boundaries on a daily basis.
• Opportunity Knocks. Often. – Being a part of a growing company in a growing industry – we challenge you not to grow! Lots of opportunities for development; whether it’s horizontal, vertical, or angular, we want to support the path that you want to carve.
• Grow your knowledge – Learn as you go, starting from internal education and onboarding from your colleagues to our 3-day dev conference, e-learning and attending conferences. Knowledge is for sharing, and learning is a path to growth.
• Compensation & benefits – Competitive salary, travel allowance, expatriate compensation packages for your business trips, rewards and holiday bonuses, team buildings and other organized activities, company library, organized sports, kitchen stocked with the usual suspects... Talk about a balanced lifestyle!

Infobip employees are people with diverse backgrounds, characteristics, and experiences that share the same passion and talent that helps us achieve our mission. That's why Infobip is committed to creating a diverse workplace and is proud to be an equal-opportunity employer.

All qualified applicants will receive consideration for employment without regard to race, color, ancestry, religion, age, sex, sexual orientation, gender, gender identity, national origin, citizenship, disability, veteran status, or any other part of one's identity.