Application Security Engineer - Hybrid

📍 On-site role (up to 2 remote days/week after onboarding)

📄 Freelance mission – 12 months renewable

💰 Daily rate: €650–€750 (depending on experience)

About the Role

We are looking for a hands-on Application Security Engineer to strengthen security across our software development lifecycle within a high-availability healthcare software environment.

This is a technical practitioner role, not purely governance or advisory. You will work directly with application code, libraries, configurations, and CI/CD pipelines to remediate vulnerabilities and help development teams build secure software by design.

You will collaborate closely with:

• IT Development & Application Teams
• Infrastructure & DevOps Teams
• Cybersecurity Team (prioritized vulnerability backlog)
• OS-level Security Engineers

If you enjoy working at the intersection of Security, Engineering, and DevSecOps, this role is for you.

Your Mission

Own vulnerability remediation after triage and drive continuous application security improvements across the organization.

Key Responsibilities

Vulnerability Analysis & Remediation

• Analyze and remediate vulnerabilities from SAST, DAST, SCA tools, pentest reports, Qualys, and similar scanners
• Fix issues directly in application code, middleware, configurations, libraries, and dependencies
• Distinguish real risks from false positives
• Resolve dependency conflicts and legacy component challenges

Secure Software Development

• Perform secure code reviews
• Conduct architecture security assessments
• Participate in threat modeling sessions
• Support secure design decisions

DevSecOps & CI/CD Integration

• Integrate security tooling into CI/CD pipelines (GitLab, Azure DevOps)
• Implement security gates and automated controls
• Automate vulnerability detection and prevention
• Contribute to DevSecOps maturity improvements

Security Maturity & Technical Debt Reduction

• Reduce technical debt via structured remediation
• Provide risk-based remediation recommendations
• Improve overall application security posture

Tech Environment

CI/CD & DevOps: GitLab, Azure DevOps, Docker, Kubernetes

Security Tooling: SAST / DAST / SCA, Qualys, pentest tooling

Tech Stack: Java (Spring Boot), JavaScript/Node.js, TypeScript, Angular, .NET (nice to have), Python (nice to have)

Standards: OWASP Top 10, secure coding frameworks

Environment: Local data center – high-availability healthcare software systems

Required Profile

Technical Background

• Strong software engineering foundation (able to read and modify production code)
• Proven experience in application security or secure development
• Solid understanding of OWASP Top 10 vulnerabilities
• Hands-on remediation at code and configuration level
• Experience integrating security into CI/CD pipelines
• Strong DevSecOps mindset
• Ability to prioritize vulnerabilities based on risk

Soft Skills

• Comfortable in high-availability environments
• Strong collaboration with development and infrastructure teams
• Structured, pragmatic, solution-oriented mindset
• Clear technical communication

Languages

• English: Full professional proficiency
• French: Professional working proficiency

Nice to Have

• Threat modeling methodologies
• Cloud security exposure
• Enterprise vulnerability management experience
• API / middleware security knowledge
• Familiarity with IAST or modern SaaS security testing platforms