Turkey, Istanbul remote

Constructor is hiring an Application Security Engineer

About the Role

Role Overview

As an Application Security Engineer, you will play a central role in safeguarding our software ecosystem by embedding security into every phase of development. Your work will directly influence the resilience of web applications and APIs, ensuring robust protection against emerging threats.

Key Responsibilities

  • Lead threat modeling sessions and conduct architecture reviews to identify and mitigate risks in application design.
  • Perform hands-on security testing—both manual and automated—across development and pre-deployment stages.
  • Build and maintain secure development pipelines by integrating SAST and DAST tools into CI/CD workflows.
  • Establish and oversee processes for generating, analyzing, and using Software Bills of Materials (SBOMs) based on standards like CycloneDX and SPDX.
  • Work closely with engineering teams to prioritize and resolve security findings efficiently.
  • Develop and deliver security best practices aligned with OWASP guidelines, including developer training and secure coding guidance.
  • Monitor the threat landscape and adapt tooling and processes to address new vulnerabilities and attack techniques.

Required Qualifications

  • 3–5 years of hands-on experience in application security, particularly with web applications and RESTful APIs.
  • Proficiency in at least one programming or scripting language such as Python, JavaScript, C#, or Go.
  • Experience using security tools including OWASP ZAP, Burp Suite, or Snyk.
  • Familiarity with secure coding principles, DevSecOps practices, and container-based security.
  • Strong grasp of CVE, CVSS scoring, and vulnerability management workflows.
  • Fluent in business English, both written and verbal.

Preferred Qualifications

  • Experience with SBOM standards such as CycloneDX or SPDX and integrating SBOM tooling into CI/CD environments.
  • Background in software composition analysis (SCA) and managing third-party risk.

Technology Environment

You’ll work with tools and practices including OWASP ZAP, Burp Suite, Snyk, SAST and DAST solutions, CI/CD integration, and SCA platforms to enforce security at scale.

Required Skills
OWASP ZAP, Burp Suite, Snyk, SAST, DAST, CI/CD pipelines, CycloneDX, SPDX, SCA tools, secure coding, DevSecOps, container security, CVE, CVSS, vulnerability disclosure
About company
Constructor
Constructor’s mission is to enable all educational organisations to provide high-quality digital education to 10x people with 10x efficiency. With strong expertise in machine intelligence and data science, Constructor’s all-in-one platform for education and research addresses today’s pressing educational challenges: access inequality, tech clutter, and low engagement of students.
Job Details
Category security
Posted 2 days ago