Application Security Engineer

About Nebius:

Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.

Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.

Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.

The role

The Security Engineering Team within the Platform Security organization is responsible for the strategic selection, implementation, management, and optimization of cybersecurity tools and technologies that improve security capabilities of the organization's platform. This team is instrumental in fortifying the security posture, proactively identifying and responding to security threats, ensuring the resilience and protection of critical data, systems, and services.

We are looking for an Application Security Engineer who will ensure the security of our software by identifying and mitigating vulnerabilities, implementing best security practices, and collaborating with development teams. The ideal candidate will have a strong background in secure coding, vulnerability assessment, and penetration testing.

Your responsibilities will include:

• 
  

  Build and maintain ASPM tools and their rules.

  
  


• 
  

  Identify, analyze, and remediate application security vulnerabilities using tools like ASPM.

  
  


• 
  

  Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC).

  
  


• 
  

  Conduct manual and automated penetration testing of applications.

  
  


• 
  

  Develop and maintain secure coding guidelines for development teams.

  
  


• 
  

  Facilitate threat modeling and risk assessments on new and existing applications.

  
  


• 
  

  Stay updated on the latest security threats, vulnerabilities, and mitigation techniques.

  
  


• 
  

  Serve as an application security subject matter expert to other teams.

  
  

We expect you to have:

• 
  

  4+ years of experience in application security.

  
  


• 
  

  Strong knowledge of common application security risks (e.g. OWASP Top 10) and how to mitigate them.

  
  


• 
  

  Experience with secure coding practices in languages such as Python, Go, Java, or JavaScript.

  
  


• 
  

  Proficiency in a common programming language (such as Go or Python) with a willingness to learn Go, if necessary.

  
  


• 
  

  Hands-on experience with security testing tools (Burp Suite, ZAP, Semgrep, etc.).

  
  


• 
  

  Understanding of authentication protocols like SAML or OIDC.

  
  


• 
  

  Experience in conducting threat-modeling sessions.

  
  


• 
  

  Strong problem-solving and analytical skills.

  
  


• 
  

  Good written and verbal communication skills in English.

  
  


• 
  

  Willingness to learn new things.

  
  


• 
  

  Being comfortable working independently.

  
  

It would be an added bonus if you had:

• Confidence in presenting your ideas and opinions in a manner that can be challenged, while responding well to feedback.


• 
  

  Experience in designing, building, and maintaining security automation.

  
  


• 
  

  Experience in translating compliance and regulation requirements into technical specifications.

  
  


• 
  

  Experience in exploiting vulnerabilities in web applications, Linux kernels, containers, and networks.

  
  


• 
  

  Security certifications such as OSCP or OSWE.

  
  

We conduct coding interviews as part of the process.

Benefits & Perks:

• Competitive compensation


• Career growth and learning opportunities


• Flexibility and ownership


• Collaborative and innovative culture


• Opportunity to work on impactful AI projects


• International environment and talented teams

What's it like to work at Nebius:

Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI 

Equal Opportunity Statement:

Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.

Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire. 

If you need accommodations during the application process, please let us know.