Application Security Specialist
Buzin, Croatia
We are looking for an Application Security Specialist. You'll work on building secure products that deliver secure services. You will contribute significantly to our secure software development lifecycle. You will be the co-creator of the universe, not a bystander. You will work closely with product and software teams to define, implement, and test lucid security measures. Your responsibilities will include threat modeling, analyzing applications/services/computing platforms through the entire stack, finding the most appropriate security measures, conducting security testing, and managing vulnerabilities.
Who are we?
At Verne, we're building an ecosystem to progress our society through a journey of curiosity and innovation. Named in honor of Jules Verne, "the man who invented the future," we are the first European solution for autonomous journeys. We adopt an integrated approach, including vehicle design, infrastructure development, and the full digital experience.
As a growing startup, we thrive on curiosity, innovation, and bold ideas. If you’re ready to make your mark in a fast-paced, dynamic environment, this could be the role for you.
What will you do?
Product Security:
- Contribute to defining security and privacy measures that will support business objectives and user expectations.
Threat modelling:
- Perform detailed analysis of technical solutions to identify security weaknesses and vulnerabilities.
- Work closely with development teams and propose appropriate security solutions.
- Perform comprehensive analysis of system services, code, infrastructure, networks, and applications to identify security issues.
- Identify and address security concerns, ensuring the overall sanity of the system.
- Identify and recommend appropriate security controls to manage identified problems.
- Work with relevant teams to ensure the efficient implementation of security mechanisms.
Development:
- Work with development teams and technical people to integrate security requirements into the SDLC.
- Provide guidance on secure coding practices, and lead the implementation of security controls development.
Security testing:
- Contribute to scoping, planning, and executing security testing, including static/dynamic testing, code reviews, penetration testing, and others.
- Collaborate with testing teams to ensure that thorough coverage of security testing is achieved.
Fix bad stuff:
- Manage the full lifecycle of vulnerabilities, from identification through to fixing and validation.
- Coordinate with development and operations teams to prioritize and fix vulnerabilities.
Documentation:
- Document work in a concise and understandable manner.
- Create documentation that supports knowledge transfer and enables collaboration.
Learn, grow and evolve:
- Learn about industry best practices, emerging threats, and what's going on with security technologies.
- Continuously assess and improve security processes to adapt to ever-evolving threats and technologies.
What are your regular tasks?
- Define product security and privacy requirements (i.e. work with business people).
- Contribute to software development lifecycle (i.e. work with developers).
- Contribute to building the platform and the pipeline (i.e. work with IT/infra/dev/cloud ops).
- Analyze technical solutions to address security weaknesses through the stack.
- Analyze system services, spot issues in code, infrastructure, networks and applications.
- Figure out the most efficient way of fixing identified issues by applying appropriate security measures.
- Design, plan and execute security testing.
- Manage vulnerabilities and lead fixing bad things that were discovered.
- Document your work in a way that other people can understand it.
What do you need to succeed?
- Desire for figuring out how things work, then figuring out how to break them.
- Desire to learn, grow and evolve.
- Courage to speak up when you see a problem.
- Know how and when to say “No”.
- Bachelor’s degree in computer science or related fields.
- 5 years of experience in information/cyber security and/or software development but an security.
- Being an introvert is somewhat expected, but you need to be able to speak with different kinds of people on a daily basis (both business and tech).
- Therefore, you need to know how to communicate clearly, politely and without creating a conflict.
- Understand concepts of software design and architecture.
- Know how to read and write code (you are not a developer, but you should be able to follow and understand what they’re doing).
- Get how Git works.
- Knowledge about common security tools and techniques across the stack.
- Hands-on experience with threat modelling based on common methodologies.
- Hands-on experience with app sec tools such as SAST/DAST/SCA and other common tools.
- Hands-on experience in implementing security measures into a DevOps pipeline.
- Hands-on experience assessing and securing open-source software components.
- Knowledge of how to plan and execute different types of security testing.
- Know how to manage the fixing of application security issues and how to manage risk.
What’s in it for you?
Joining Verne means becoming part of a team shaping the future of autonomous mobility. Here’s what we offer:
- The chance to collaborate with experts from 20+ industries.
- Ownership of your projects, with the freedom to innovate and take initiative.
- A culture of transparency, feedback, and open communication.
- Comprehensive financial and wellbeing support designed to meet diverse needs.
- The excitement of working in a fast-growing startup where your ideas truly matter.
How can you apply?
If this role and our mission resonate with you, hit the Apply button! We typically review applications within 3-4 business days, but since we want to give each one the attention it deserves, please allow a little extra time if needed. Once we've had a chance to fully evaluate your submission, we’ll reach out with details about the next steps.
If shortlisted, here’s what to expect:
- An initial HR interview focused on culture fit.
- A technical interview with the Hiring Manager.
- A final interview with C-level.
Not sure if this role is the right fit?
We’re always looking for creators who challenge the status quo and aren’t afraid to take the lead. If that’s you, explore our story - we might have other opportunities that spark your interest.
Verne (Project 3 Mobility) is a company comprised of people with different qualities and backgrounds, because we believe our differences make us stronger. That is why we evaluate qualified applicants fairly and equally, without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, familial status, and other legally protected characteristics. All applications will be considered in accordance with the regulations of personal data protection.