Application Security Engineer

About ControlUpControlUp is a Digital Experience Monitoring and Optimization platform that transforms the way IT admins manage their environment and troubleshoot issues. Our product suite enables IT Admins to be more proactive and have greater visibility into the digital experience of their users. Most of our customers utilize Citrix, VMware, Nutanix, and/or Microsoft for their virtualization layer. Additionally, we have many customers who utilize IGEL thin clients.
Our CultureWe have a fun and energetic company culture. We fly team members to fun locations across the globe. We value a culture of transparency and curiosity. This is a company with a sense of humor, where we all are hard workers, but we balance that with lots of hilarity interspersed with that hard work.
The RoleWe are seeking an Application Security Engineer with a strong technical background in identifying and mitigating security vulnerabilities in web applications. This role goes beyond traditional security assessments - you will play a key part in strengthening our security posture by performing vulnerability research, developing automation tools, collaborating closely with development teams, and fostering a security-first mindset across the organization.

Who we’re looking for:

• A skilled and pragmatic security expert – You focus on meaningful improvements rather than chasing perfection
• A collaborative problem-solver – You work with developers, product managers, and other teams to integrate security seamlessly, understanding that patience and teamwork drive real change.
• An adaptable and proactive mindset – you’re open to contributing in various ways to enhance security, whether that’s automating processes, educating teams, or helping shape a strong security culture beyond just running pentests

Responsibilities:

• Continuously assess and challenge Controlup’s overall security posture to ensure it's free from vulnerabilities.
• Participate in design reviews and threat modeling sessions.
• Work closely with development, devops and product teams to ensure vulnerabilities are avoided at an early stage.
• Review and prioritize findings of code scanning tools (SAST, SCA)
• Build automations to assist with detecting vulnerabilities.
• Educate Developers and Devops engineer about
• Answer on technical questions raised by customers

Requirements:

• 3+ years of experience in web application security/penetration testing.
• A Deep understanding of web and cloud security threats, exploits, prevention.
• Ability and willingness to write scripts/tools to automate security tasks.
• Ability to communicate complex security concepts to both technical and non-technical audiences clearly and effectively. 
• A team player with an “in it together” approach.
• A proactive and creative mindset

Nice to have's

• Previous experience in an Application Security role within a SaaS company.
• Application security certificates such as OSWE, eWPTX, GWEB, GWAPT.
• Previous experience with security pitfalls of Hybrid SAAS products (on-premise agents talking with cloud services)