Application Security Engineer
Fountain
Spain
Posted on Apr 30, 2026
We are looking for a highly motivated Application Security Engineer to join our platform team. In this role, you will be a crucial bridge in securing our platforms, proactively embedding security into our development process.

Our core application relies heavily on TypeScript/JavaScript and Ruby. We’re looking for someone with an eagerness to dive into the code, hunt and patch vulnerabilities, and be able to build security features in our platform. You will have the opportunity to learn from experienced security professionals, grow your skill set, and make a tangible impact on a platform used by millions of applicants globally.

What You’ll Be Doing:
• Secure the Codebase: Assist in performing manual and automated security code reviews on our primarily TypeScript/JavaScript and Ruby repositories.
• Vulnerability Management: Triage, validate, and prioritize security findings from our automated scanners (SAST/DAST/SCA) and external bug bounty programs.
• DevSecOps Support: Help maintain and tune security tooling within our CI/CD pipelines to ensure we catch flaws before they reach production.
• Collaborate and Educate: Partner closely with software engineers to explain security risks, provide remediation guidance, and promote a culture of secure coding.
• Threat Modeling: Shadow and assist senior security engineers in threat modeling sessions to identify potential attack vectors during the design phase of new features.
• Incident Response: Support the security team in investigating and mitigating application-level security alerts and incidents.

What You Should Bring:
• Experience: 1–3 years of experience in software development, IT, or cybersecurity (can include equivalent internships, bootcamps, or personal security research).
• Technical Knowledge: A solid foundational understanding of web application architecture and common security flaws (e.g., OWASP Top 10, CWE).
• Code Fluency: The ability to read, understand, and write basic code in TypeScript/JavaScript or Ruby. You should feel comfortable navigating a modern software repository.
• Problem Solving: An analytical mindset with a passion for figuring out how things work—and how to break them safely.
• Communication: Excellent written and verbal communication skills. You can explain a technical vulnerability to a developer without sounding accusatory (we assume positive intent and build trust!).
• Drive: A "Run" mentality. You are a self-starter who rejects complacency and is eager to continuously learn and grow in the AppSec space.

Bonus Points:
• Hands-on experience with modern application security testing tools (e.g., Burp Suite, Snyk, Aikido, ZAP).
• Familiarity with assessing codebases and platforms using AI tooling.
• Familiarity with cloud security concepts (AWS).
• Active participation in Bug Bounty platforms.
• Basic understanding of containerization and orchestration (Docker, Kubernetes).