About GeoComply

We’re GeoComply! We are at the forefront of geolocation, cybersecurity, and anti-fraud innovation, developing and delivering cutting-edge technologies to help ensure regulatory compliance, combat bad online actors, alleviate user friction, and protect businesses from fraud.

Achieving significant business and revenue growth over the past three years and dubbed a tech “Unicorn,” GeoComply has been trusted by leading global brands and regulators for over ten years. Our compliance-grade geolocation technology solutions are installed on over 400 million devices and analyze over 12 billion transactions a year.

At the heart of it all are the people, united by a deep commitment to problem-solving and revolutionizing how people and businesses use the internet to instill confidence in every online interaction. With teams across five countries, three continents, and a global customer base, we have no plans to slow down.

As an Application Security Engineer at GeoComply, you’ll play a vital role in ensuring our applications are secure, resilient, and trustworthy. You’ll work within a team that influences secure design, performs code analysis, and identifies vulnerabilities through hands-on testing. This role involves designing, implementing, and maintaining robust security measures throughout the Software Development Lifecycle (SDLC), fostering a culture of security across development and operations teams.

Key Responsibilities

  • Application Security Review: Drive the secure development lifecycle by conducting design reviews, automated testing, and hands-on penetration testing to identify potential security vulnerabilities across applications and non-compliance with security standards.
  • Threat Modeling: Identify potential attack vectors and devise strategies to mitigate these threats.
  • Secure Design Consultation: Collaborate with development teams early in the SDLC to establish and integrate security requirements, ensuring robust security architecture for new projects and releases.
  • Security Tools Management: Implement and manage advanced security tools, focusing on automation. Leverage Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), security scanners, and bug bounty programs to assess and secure applications.
  • Developer Education & Engagement: Act as a security advocate within GeoComply’s development community. Educate software engineers on secure coding practices through training sessions, security guidelines, and one-on-one mentorship, fostering a strong security culture across teams.
  • Assisting During Incident Response: Serve as a trusted subject matter expert to bring application security expertise to root-cause analysis and remediation planning where appropriate.

Technical Proficiency

  • Proficient in at least one programming language relevant to GeoComply’s technology stack (e.g., Java, Golang, Python, JavaScript).
  • Experienced in deploying and configuring enterprise-grade security tools, including SAST, DAST, and security scanners.
  • Familiarity with leading security tools, such as BurpSuite, ZAP and Metasploit, for identifying and managing vulnerabilities.
  • Bug Bounty and Vulnerability Management: Skilled in supporting bug bounty programs, including triage, validation, and re-testing of security findings to ensure effective remediation.
  • Data Protection and Cryptography: Competence in designing secure solutions for sensitive data, applying cryptographic techniques, access controls, and hardware security modules (HSM) to protect critical assets.
  • Version Control Systems: Proficiency with Git (GitHub).
  • CI/CD and Automation Experience: Experienced in integrating security within CI/CD pipelines, utilizing tools like Jenkins, Artifactory, and related automation technologies.
  • Authorization & Networking Protocols: Familiarity with authentication/authorization frameworks (OAuth, SAML, OpenID, ADFS, SCIM) and a solid understanding of network and web-related protocols (e.g., TCP/IP, UDP, HTTP, REST, DNS, SMTP).
  • Architecture Knowledge: In-depth understanding of web application architectures, APIs, microservices, and cloud-native systems.

Experience

  • Educational Background: Bachelor’s degree in Computer Science, Engineering, MIS, CIS, or a related discipline is required.
  • Professional Experience: 3+ years of experience in application security, including hands-on roles in code analysis, vulnerability identification, and secure design.

At GeoComply, we’re at the forefront of geolocation, cybersecurity, and anti-fraud innovation. Joining our team means working on cutting-edge technology with a group of passionate, skilled individuals who prioritize security, teamwork, and continuous growth. We offer a collaborative hybrid work environment and value in-person interaction while providing flexibility for our team members.

We’re GeoComply. A highly successful, hyper-growth, market-leading technology provider with teams across five countries, three continents and a global customer base.

We’re revolutionizing the way people and businesses use the internet, working together to deliver award-winning technology solutions to instill confidence in every online interaction.

We have big plans. And we’re looking for the most driven, ambitious and hard-working problem solvers to join our team.
