Application Security (AppSec) Engineer

Joom Group is an international tech-centric group of e-commerce companies founded in 2016 in Latvia. We are here to transform the largest industry in the world, global trade, making it more transparent, efficient, and technology-driven.

Today, Joom Group brings together the following businesses: Joom, a platform for shopping from all over the world; JoomPro, the first end-to-end cross-border B2B marketplace, with successful operations in Brazil and plans to to other markets; JoomPulse, data platform that provides analytics and recommendations for marketplace sellers; and Onfy, a pharmaceutical marketplace in Germany. Joom Group’s offices are located in China, Brazil, Portugal, Latvia, and Germany, with headquarters in Lisbon, Portugal. We work as one international team, sharing knowledge and collaborating across countries, businesses, and products.

As we continue to grow and introduce new products and services, we become increasingly susceptible to security threats. We are currently seeking an Application Security Engineer for our infrastructure team to stay informed about current threats and ensure the security of our development and applications.

This role offers the opportunity to develop the application security direction from the ground up and achieve international certification.

We prioritize innovation over bureaucracy and legacy code and are always open to fresh ideas.

Responsibilities

Implement SSDLC with the development team

Analyze the security of the company's products

Assist teams in addressing vulnerabilities

Stay informed about current threats and develop code protections

Requirements

3+ years of experience in web/mobile application security

Experience in securing mobile and web applications

Experience in building secure development processes (SSDLC)

Experience with white box testing

Knowledge of *NIX systems and basic network protocols

Preferred

Experience in bug bounty programs

Relevant information security certifications (e.g., OSCP, CompTIA Security+)

CVE authorship

Proficiency in Go, Python, or Java

We offer

Compensation package: base salary and performance-based bonuses

Office-first: flexible hours with a possibility to work remotely 52 days per year, and 22 days of paid annual leave

Care & Wellbeing: health insurance (including dental care) for employees and their children, daily meal allowance, and 100% paid sick leave

Team & Growth: collaboration with colleagues across Portugal, Brazil, Latvia and China, with opportunities for promotions, professional trainings, and English courses

Community & Engagement: annual team building activities, knowledge-sharing workshops, and a strong sense of team work

Before applying for the above position please review our Candidate Privacy Notice here. By responding to the vacancy, you acknowledge that you have read our Privacy notice.