Application Security Engineer - Pentester

8 hours, 47 minutes ago
Full-time
Senior
Cybersecurity
Veeam Software

Veeam Software is the global leader in Backup that delivers Modern Data Protection, offering solutions for virtual environments, enterprises, small businesses, and service providers worldwide.

Internet Software & Services
1K-5K
Founded 2006
$500M raised

Description

  • Own offensive testing planning, depth, frequency, and reporting for assigned products and services.
  • Perform manual penetration testing of web applications and APIs, with emphasis on authentication, authorization, multi-tenant boundaries, and critical workflows.
  • Use Burp Suite to validate, reproduce, and automate testing workflows and authenticated flows.
  • Run, tune, and scale authenticated DAST scans while reducing false positives and coordinating with CI/platform teams.
  • Deliver clear findings, proofs of concept, and remediation guidance, then partner with engineers to retest and close issues.
  • Track findings with appropriate severity levels and remediation SLAs.
  • Improve testing tools, repeatability, and playbooks to make offensive testing more consistent.
  • Help prevent recurring vulnerabilities through standards, libraries, platform controls, and input to threat modeling and design reviews.

Requirements

  • Strong web and API penetration testing experience.
  • Practical exploitation experience with authorization issues such as IDOR/BOLA, privilege escalation, and role or tenant boundary testing.
  • Experience with authentication and session flows, including tokens and identity integrations.
  • Knowledge of common web vulnerabilities such as injection, SSRF, deserialization, and misconfigurations.
  • Advanced Burp Suite skills, including manual validation, targeted fuzzing, authenticated testing, extensions, and macros.
  • Experience writing Semgrep rules to detect insecure patterns.
  • DAST experience at scale, including authenticated scans, coverage tuning, and false-positive reduction.
  • Clear written communication skills for concise PoCs and actionable remediation guidance.
  • Bonus: SaaS multi-tenant security testing experience, OAuth2/OIDC/SAML depth, bug bounty triage, and custom tooling or Burp extensions.
  • Remote work is only possible for candidates located in the Czech Republic.

Benefits

  • 25 vacation days, 4 sick days, 21 paid medical leave days, plus 4 extra global VeeaMe Days for self-care.
  • 24 paid volunteer hours annually through Veeam Cares.
  • Premium private medical insurance for employees and dependents.
  • Daily meal vouchers worth 180 CZK per working day.
  • Flexible cafeteria platform with many lifestyle benefit options.
  • Multisport Card for gym and wellness, with family add-on options.
  • Annual public transport reimbursement up to a set limit.
  • Corporate mobile plan with optional family tariff.
  • Learning and development opportunities through LinkedIn Learning, O’Reilly, mentoring, workshops, and learning events.
