Application Security Engineer II

We don’t think about job roles in a traditional way. We are anti-silo. Anti-career stagnation. Anti-conventional. 

Beyond ONE is a digital services provider radically reshaping the personalised digital ecosystems of consumers in high growth markets around the world. We’re building a digital services aggregator platform, with a strong telco foundation, and a profitable growth strategy that empowers users to drive their own experience—subscribe once, source from many, and only pay for what you actually use. 

Since being founded in 2021, we’ve acquired Virgin Mobile MEA, Friendi Mobile MEA and Virgin Mobile LATAM (with 6.5 million subscribers) and 1600 dedicated  colleagues across Chile, Colombia, KSA, Kuwait, Mexico, Oman and UAE. 

To disrupt for good takes a rebellious spirit, a questioning mind and a warm heart. We really care about how to get things done and not who manages who. We benefit from our diversity, and together, we disrupt the way we and others thinkin about our lives for good.  

Do you want to exchange ideas, learn from each other and leave your mark on our journey? This is the place for you. 

Role Purpose:

The Application Security Engineer II will play a critical role in ensuring the security and resilience of all applications and services across the Beyond ONE group. This role matters because secure application development is fundamental to protecting our customers, stakeholders, and business operations. The engineer will drive best practices in secure coding, remediate vulnerabilities, integrate security controls throughout the software development lifecycle (SDLC), and continuously mature our security processes and posture.

This role will act as a bridge between development teams and the security organization, providing expert technical guidance to embed security principles early and throughout application design and development.

Key Responsibilities:

• Collaborate with development, DevOps, and product teams to integrate security best practices across the SDLC.
• Conduct and manage static/dynamic code analysis and Application Security Testing (DAST/SAST/IAST).
• Identify, prioritize, and remediate application-level vulnerabilities, working closely with engineering owners.
• Design and implement security controls, libraries, frameworks, and automated security tools.
• Develop secure coding guidelines, standards, and reference architectures.
• Conduct threat modeling, code reviews, and security assessments for critical applications.
• Support the implementation of Secure Development Training and Awareness initiatives.
• Maintain and improve secure SDLC processes, policies, and governance frameworks.
• Monitor emerging threats, vulnerabilities, and industry trends to proactively recommend improvements.
• Build technical documentation and reporting for compliance, audits, and executive stakeholders.
• Champion a security-first culture among product and engineering teams.

Qualifications and Attributes:

Education

• Bachelor's degree in Computer Science, Software Engineering, Information Security, or a related field.
• Relevant security certifications preferred (e.g., CSSLP, GWAPT, OSWE, CEH, or equivalent).
• Excellent problem-solving and troubleshooting abilities.
• Good communication and interpersonal skills.
• Ability to work independently and as part of a team.

Experience

• 3-5 years of hands-on application security and/or software development experience.
• Strong background working within a DevOps/Agile environment.
• Experience implementing security in CI/CD pipelines and cloud-native architectures.
• Prior experience conducting secure code reviews, security assessments, and working directly with developers.
• Knowledge of security compliance standards and frameworks (e.g., OWASP, NIST, ISO 27001).

Technical Skills

• Proficient in at least one major programming language such as Java, Python, C#, JavaScript, or Go.
• Strong understanding of web application security principles, OWASP Top 10 risks, and mitigation techniques.
• Experience with application security tooling such as SAST (e.g., Checkmarx, Fortify), DAST (e.g., Burp Suite), SCA (e.g., Snyk, Black Duck), and IAST solutions.
• Familiarity with container security and securing cloud-based applications (e.g., AWS, Azure security practices).
• Chaining and reviewing API security and microservices-based architectures.
• Hands-on experience with threat modeling tools and techniques (e.g., Microsoft Threat Modeling Tool, STRIDE).
• Understanding of authentication and authorization protocols (OAuth2, OIDC, SAML).
• Knowledge of secure CI/CD processes and integrating security into DevOps toolchains (e.g., GitHub Actions, Jenkins).
• Basic knowledge of cryptographic principles and secure data practices.
• Incident handling experience related to application vulnerabilities is a plus.

What we offer:

• Rapid learning opportunities - we enable learning through flexible career paths, exposure to challenging & meaningful work that will help build and strengthen your expertise.
• Hybrid work environment - flexibility to work from home 2 days a week.
• Healthcare and other local benefits offered in market.

By submitting your application, you acknowledge and consent to the use of Greenhouse & BrightHire during the recruitment process. This may include the storage and processing of your data on servers located outside your country of residence. For further information, please contact us at dataprivacy@beyond.one.