Application Security Engineer | Senior | Low-level at Nord Security

Prague, Prague, Czechia

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

CybersecurityIndustries

Requirements

Proven experience in mobile/desktop application security assessment planning, testing, methodologies, and vulnerability reporting
Strong understanding of secure coding practices
Ability to perform manual security code audit
Proficiency in at least one low-level programming language (e.g., C, C++, Rust, Go)
Solid understanding of networking protocols such as TCP, UDP, and the HTTP protocol
Familiarity with debuggers (e.g., GDB, LLDB, WinDbg)
Familiarity with reverse engineering tools (e.g., Ghidra, IDA)
Solid understanding of memory corruption issues, buffer overflows, and related vulnerability classes
Familiarity with common authentication and authorization protocols (OAuth, SAML, JWT, etc.)
Ability to work with networking tools such as Wireshark and tcpdump
Ability to quickly assimilate new technologies and tools
Sense of ownership with strong problem-solving and investigation skills
Ability to build and maintain relationships, influence key stakeholders across the business
Bonus: Community contributions like public CVEs, bug bounty recognition, open-source tools, blogs, etc

Responsibilities

Conduct security reviews of application designs, source code, and third-party libraries
Perform regular application vulnerability assessments using both automated tools and manual testing techniques (e.g., SAST, DAST, SCA, penetration testing)
Collaborate with development teams to design secure architectures and implement security controls
Help maintain security tools, scripts, and processes to support secure development
Stay current with industry trends, zero-day vulnerabilities, and best practices in application security
Develop scripts and security automation tools to enhance application security testing processes
Design and deliver training for security engineering awareness & adoption
Actively look for internal security gaps within the product or organization overall
Ensure mobile/desktop applications are sufficiently tested and support internal and external audits

Skills

Key technologies and capabilities for this role

SASTDASTSCApenetration testingCC++RustGosecure codingTCPUDPHTTPdebuggersvulnerability assessmentmanual code audit

Questions & Answers

Common questions about this position

What skills are required for the Application Security Engineer role?

Key requirements include proven experience in mobile/desktop application security assessment, strong understanding of secure coding practices, proficiency in at least one low-level programming language like C, C++, Rust, or Go, solid understanding of networking protocols such as TCP, UDP, and HTTP, and familiarity with debuggers, reverse engineering tools, and memory corruption issues.

What does the company offer in terms of professional growth?

The company offers opportunities to innovate with industry leaders, work alongside global experts, boost skills via extensive training programs (online and offline), and benefit from mentorship and career-switch opportunities.

Is the salary specified for this position?

This information is not specified in the job description.

What is the work arrangement or location policy?

This information is not specified in the job description.

What makes a strong candidate for this role?

A strong candidate has proven experience in application security, proficiency in low-level languages, familiarity with debugging and reverse engineering tools, plus bonus points for community contributions like public CVEs, bug bounty recognition, or open-source tools.

Nord Security

Cybersecurity services for individuals and businesses

About Nord Security

Nord Security provides a variety of cybersecurity products aimed at protecting both individuals and businesses from online threats. Their main offerings include NordVPN, which is a virtual private network that ensures secure internet access through advanced encryption and threat protection, making it popular among millions of users. For businesses, NordLayer offers a tailored cybersecurity solution that allows secure access to the internet and company resources while helping organizations comply with various regulations. Additionally, NordLocker is an encrypted cloud storage service that enables users to securely sync, back up, and share files, utilizing strong cryptography for data protection. Unlike many competitors, Nord Security combines multiple cybersecurity services into a single subscription model, making it easier for users to manage their online safety and data privacy.

Vilnius, LithuaniaHeadquarters

2012Year Founded

$194.5MTotal Funding

GROWTH_EQUITY_VCCompany Stage

CybersecurityIndustries

1,001-5,000Employees

Benefits

Health Insurance

Mental Health Support

Professional Development Budget

Flexible Work Hours

Additional Paid Leave

Risks

Emerging VPN providers offering lower prices could erode Nord Security's market share.

Rapid evolution of cyber threats may strain Nord Security's resources.

Expansion into eSIM technology could face regulatory challenges in different countries.

Differentiation

Nord Security offers a comprehensive cybersecurity package with advanced threat protection.

NordLayer provides businesses with secure internet access and compliance support.

NordLocker uses state-of-the-art cryptography for secure cloud storage.

Upsides

Nord Security's partnership with Bango enhances distribution through telecom channels.

The global VPN market is expected to grow significantly, benefiting NordVPN.

Demand for secure remote work solutions boosts Nord Security's business products.

Land your dream remote job 3x faster with AI

Try Jobo Free