Senior Application Security Engineer
Lysaker, Norway
What you tell your friends you do
"I help developers build cool stuff - safely."
What you really will be doing
🧠 Own Aize’s Application Security strategy, driving a security-first culture across our engineering teams.
🛡 Train developers on secure coding practices and follow up on issues flagged by our security tooling (like Snyk and Microsoft Defender).
🛠 Design, implement, and operate security tools and continuously improve our secure SDLC processes.
📋 Contribute to ISO 27001 compliance by running threat modeling exercises and security architecture reviews as well as participating in architectural discussions.
⚖️ Prioritize security initiatives and remediation efforts based on risk assessment, threat landscape, business impact, and technical feasibility.
How you will be doing this
- Establish and improve secure development processes across our teams
- Work closely with developers and coach them on secure coding practices
- Both react to threats and work proactively to get ahead of them
- Work with devs, platform teams, and product managers to embed security at every stage
- Strategically balance addressing security debt in our established product suite (Java, Python, Go, Angular, MySQL etc.) with proactively shaping secure design and integrating security tooling for significant greenfield development projects (C#, React, MongoDB etc.).
- Collaborate across disciplines, bringing a strong security voice into our day-to-day
Team
You’ll be joining a small but mighty security function, where you’ll work closely with other teams and developers to continually develop and enhance our security. You’ll get the opportunity to build and shape the application security function and directly influence our security posture and culture.
Who we think you are
- A proactive person who takes ownership of security improvements and adapts quickly to new situations.
- Experienced in SaaS cloud solutions (ideally with Azure) and familiar with DevSecOps practices. Familiarity with the broader Microsoft E5 security suite (Defender suite, Sentinel, Entra ID) is a strong plus.
- Ability to handle security in both legacy systems (addressing technical debt) and greenfield projects (building security in).
- Understanding of OWASP Top 10, ASVS, secure coding practices, threat modeling (STRIDE, etc.), and security architecture review across one or more languages like C#, React, Java, Python, Go, TypeScript/Angular.
- Solid understanding of modern web app and API security and mitigations.
- A strong collaborator skilled at building relationships and influencing across development, platform, and product teams.
- Comfortable using pentesting tools and experienced in security reviews or vulnerability assessments.
We offer
- Money
- Hybrid work and flexible hours
- A MacBook or laptop running Windows, so you can get stuff done
- To help you keep your money, we also chip in on your pension, pay for your work travels and keep you safe with insurance
- Speaking of your wellbeing, we have a private health clinic on-site and pay for your check-ups
- Room for you to do things your way and be who you are
- Lots of things you can learn and share through our professional Guilds, to help you further develop and inspire those around you
- Vacation - maybe you want to use a couple of days in one of our cabins; Gaustablikk, Beitostølen, Hafjell, Tjøme, Spain ++? But please come back🥹
- We like to help nurture your passion by giving you the opportunity to visit events and expand your knowledge through training and courses (you choose what works for you)
- Of course, we also have the industry standard perks such as a free phone plan, broadband at home, hardware, on-site gym, afterwork, ping pong table, great lunch, team activities, and fun parties