Job Description & Summary
We’re looking for an Application Security Engineer to help secure our software products and development pipelines. The ideal candidate has a solid foundation in secure coding practices, understands common vulnerabilities, and can work closely with development and DevOps teams to integrate security throughout the SDLC.You’ll serve as a hands-on contributor, helping developers build secure code, reviewing design and implementation, and automating security testing to enable continuous delivery of secure software.
Key Responsibilities
Conduct secure code reviews, threat modeling, and application security assessments for web, mobile, and API-based applications.
Integrate and maintain security tools (e.g., SAST, DAST, SCA, container scanning) within CI/CD pipelines.
Collaborate with developers to triage, remediate, and verify vulnerabilities identified through automated tools or penetration tests.
Provide security guidance during design and code reviews, promoting secure design patterns and coding best practices.
Develop and maintain secure coding standards, playbooks, and automation scripts to streamline security testing.
Partner with the GRC and Risk teams to ensure compliance with corporate and regulatory security requirements (e.g., ISO 27001, SOC 2, OWASP, GDPR).
Support developer enablement through security training and awareness sessions.
Stay current on emerging security threats, frameworks, and technologies relevant to the software development lifecycle.
Required Qualifications
2–5 years of experience in Application Security, Secure Development, or related areas.
Strong understanding of OWASP Top 10, CWE, and SANS Top 25 vulnerabilities.
Experience with SAST/DAST/SCA tools such as Polaris (Synopsys), Checkmarx, Veracode, Fortify, SonarQube, or similar.
Familiarity with CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins, Azure DevOps).
Working knowledge of one or more programming languages such as Java, JavaScript/TypeScript, Python, C#, or Go.
Understanding of cloud platforms (AWS, GCP, or Azure) and their security models.
Ability to communicate clearly with both technical and non-technical stakeholders.
Preferred Qualifications
Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience.
Experience with container and Kubernetes security.
Hands-on experience with threat modeling and API security testing.
Familiarity with Infrastructure as Code (IaC) security (e.g., Terraform, CloudFormation).
Relevant certifications such as OSWE, GWAPT, CSSLP, CEH, or similar.
Soft Skills
Strong analytical and problem-solving skills.
Collaborative mindset and ability to influence developers and DevOps engineers.
Continuous learner who stays up to date with evolving application security trends.
What we offer:
Company training and excellent opportunities for professional and career growth
Challenging and interesting projects
Professional, positive and team-oriented working environment
Competitive salary and comprehensive employee benefit program
Central office location
Your skills and experience. Our technology and opportunities. A powerful combination. Be part of the New Equation.
Only short-listed candidates will be contacted.
"PricewaterhouseCoopers Bulgaria EOOD, or PwC Legal Bulgaria Partnership, or PricewaterhouseCoopers Audit OOD, which runs a recruitment process, with its seat and registered address in 9-11 Maria Louisa Blvd., Sofia 1301, Bulgaria („PwC” or “we”) will be the controller of your personal data submitted in your application for a job. Your personal data will be processed for the purpose of performing a recruitment process for the job offered. If you give us explicit consent, your personal data will be also processed for participation in further recruitment processes conducted by PwC and sending notifications about job offers in PwC or job related events organized or with the participation of PwC such as career fair. Full information about processing your personal data is available in our Privacy statement."
#LI-AK1