Application Security Engineer

Puzzel: The Low-Down 🔍

Puzzel is a leading provider of cloud-based contact center solutions, empowering businesses to deliver exceptional customer service. Our platform combines omnichannel contact center, workforce management, and AI-driven analytics to optimize customer interactions and operational efficiency.

With 25 years’ experience since our foundation in Norway, we’re already #1 in the Nordics, growing rapidly in the UK and expanding into the Netherlands and Finland in 2024, but our ambition is to become the clear European market-leader in the coming years 🚀

Why we’re proud

• 2024 CX Awards Winner, ‘Best Mid-Market Contact Center Platform’
• Puzzel was recognised as the 'most innovative European-founded CCaaS provider' and top 3 globally by Frost & Sullivan in 2023
• Best Practices Company of the Year 2023
• Consistently high Glassdoor rating
• 2023 customer NPS score of 37
• Puzzel places high importance on work-life balance and flexible working hours - as recognised by Flexa, placing 25th out of all companies they partner with in 2023!
• We are working with Mercer on salary benchmarking, to ensure pay equality and market competitiveness

Key Data Points

• €50m revenue in FY 2023 (up from €45m in 2022)
• Currently ~295 employees
• Used by more than 1100 businesses across 40 countries
• Servicing ~60,000 customer service agents on a daily basis + 800 million customer interactions yearly

What you'll do 🏡💻

The Application Security Engineer is a senior role which work closely with Puzzel’s Security Engineer and CISO to ensure a good and coherent security architecture compliant with contracts and compliance requirements. You will play a pivotal role in ensuring the security of our SaaS applications by identifying, assessing, and mitigating security risks across the software development lifecycle (SDLC). You will collaborate closely with product, engineering, and DevOps teams to embed security practices into every stage of development and help drive the adoption of secure coding practices. Together with the Security Engineer and CISO you will decide, develop, implement and enforce security standards, frameworks and policies.

Key Responsibilities:

• Collaborate with product teams to integrate security best practices into the SDLC, including threat modelling, secure design reviews, secure code development and testing.
• Conduct security assessments of applications and APIs, identifying vulnerabilities and working with developers to remediate them.
• Monitor vulnerabilities reported by internal teams, external researchers, or automated tools.
• Build and maintain automated security tools to streamline vulnerability detection and prevention.
• Partner with DevOps team members to implement and manage security-focused CI/CD pipeline integrations.
• Assist in identifying and mitigating security incidents related to applications, such as unauthorized access, data breaches, or API exploitation.
• Participate in post-incident analysis and contribute to long-term security improvements.
• Advocate for secure coding practices by conducting training, workshops, and awareness sessions for developers.
• Serve as a subject-matter expert (SME) for application security within the organization.
• Ensure compliance with relevant industry standards and regulations, such as ISO 27001, SOC 2, or GDPR, as they relate to application security.

The must haves 💪

• University degree in software development.
  
• Proven experience (e.g., 3+ years) in application security or software engineering with a focus on security.
  
• Strong understanding of common security vulnerabilities (e.g., OWASP Top 10) and how to mitigate them.
  
• Experience with secure coding practices in languages commonly used in SaaS (e.g., Python, Java, C#, JavaScript, etc.).
  
• Hands-on experience with security tools such as SAST, DAST, IAST, or dependency scanning.
  
• Knowledge of authentication and authorization protocols (e.g., OAuth, SAML, OpenID Connect).

The nice to haves ➕➕➕

• Familiarity with cloud security (e.g., AWS, Azure, or GCP) and containerization (e.g., Docker, Kubernetes).
• Strong analytical and problem-solving skills with attention to detail.
• Strong communication skills with the ability to explain complex security concepts to non-technical stakeholders.
• A proactive mindset for identifying and mitigating risks before they impact the business.
• Collaborative and team-oriented approach to working across functions and departments.

The location

This role is based in Sofia, Bulgaria, with an expectation of working 2-3 days per week in the office.

What’s In it for You? 💰

• Competitive fixed salary
• Flexible, hybrid approach to working; split your time between the office and home
• You get to be part of a fun, driven and supportive team
• Gift on your birthday
• Annual Summer and Christmas parties
• Excellent development opportunities and a great company culture

What to expect from the interview process ❔

• Screening call with Talent Acquisition
• 1st interview with Hiring Manager
• 2nd interview with Director of Development and Chief Technology Officer
• Final Interview – On-Site Visit

Puzzel Values 🎯

• Built on Trust – trust is an intrinsic Nordic value, upon which Puzzel has been built. We trust each other and our customers and partners trust us.
• Stronger Together – working together in a genuinely collaborative way, with a shared purpose, we have an empowered organisation that is better equipped to delight customers and partners.
• Stay Hungry – have a continuous hunger to raise our game, innovate and be the best we can be professionally.

Diversity & Inclusion 🌍

We want everyone at Puzzel to be their true, authentic selves at work irrespective of nationality, race, ethnicity, religion, sexual orientation, gender identity, physical ability, age, or economic background.

Whilst we are proud to already have a diverse workforce from across the globe, we are aware that things could always be improved – for example, we currently have a ratio of female 26:74 male employees, which whilst not uncommon for the tech industry (average in SaaS is 26% female), it’s far from ideal. So, what are we doing to improve this?

• Our Global Leadership Team (C-suite) has shifted from 100% male to 50 male: 50 female in the past 18 months.
• We have increased our % of female hires from 23.6% in 2021 to 38.5% in 2023.
• We are partnering with the likes of Flexa, who have significantly higher-than-average talent pools of candidates from diverse backgrounds.
• We are working with State Employment initiatives in Norway and Sweden to bring candidates through internship/apprenticeship routes and are investigating similar initiatives in the UK and Bulgaria.
• By raising awareness and transparency, we are hoping to further attract a diverse workforce.

We are continuously striving to foster an inclusive and diverse environment, where everyone is celebrated for who they are. If there is anything we can do to support you in the interview process, or beyond, please let us know.

One Last Thing ☝🏻

Even if you feel you are only a 75% match for this role, we still want to hear from you. This list is purely indicative. Skills can always be learnt.

Please note that we are not able to provide sponsorship for this role, so you must have eligibility to work in the country you are applying for.

By applying you accept the terms of our Privacy Notice which can be found on our website. Puzzel are not considering candidates that do not have a work permit in the country we are hiring in.