Quick Summary
Senior Application Security Engineer (SSDLC & SOC) | Global eCommerce Platform
Join Base – a global leader revolutionizing e-commerce! We are the technological driving force for sellers worldwide, delivering an innovative all-in-one system. Our mission is to simplify the lives of online entrepreneurs by helping them automate processes, dynamically scale their business, and effectively manage sales across multiple platforms. We achieve this through our passion for innovation and modern technologies.
We operate globally, collaborating with thousands of marketplaces and industry leaders such as Amazon, eBay, Shopify, DHL, and FedEx. Our international team of experts works across Poland, Europe, the Americas, and Asia.
Base is one of the fastest-growing platforms in the industry, achieving dynamic growth in revenue and customer base worldwide over the last three years. We foster a culture where real impact and collaboration matter, placing our team at the heart of innovation.
We are seeking a Senior Application Security Engineer responsible for application security, secure software development processes, and vulnerability management. This critical role integrates Application Security, SSDLC, Vulnerability Management, and security alert triage for our SaaS platform within the SOC environment.
You will collaborate closely with developers, analyze vulnerabilities, enhance security processes within the SDLC, and co-create robust security standards for our services.
Scope of Responsibilities
Application Security & SSDLC
- Implement and develop the Secure Software Development Lifecycle (SSDLC) process organization-wide.
- Mentor and support developers, putting the "shift-left security" approach into practice.
- Conduct manual and tool-based secure code reviews for key components and modules.
- Perform Threat Modeling for new features, APIs, and application architecture.
- Create and enforce AppSec standards (OWASP ASVS, OWASP API Security Top 10).
- Collaborate on application architecture design focusing on security (authentication, authorization, sessions, API security).
- Support the implementation of application protection mechanisms (security headers, rate limiting, WAF integration, input validation).
Vulnerability Management
- Analyze security scan results (e.g., SAST, DAST, SCA, cloud security scanners).
- Analyze third-party penetration test and security audit reports, verifying quality, prioritizing, and interpreting findings.
- Prioritize vulnerabilities and develop remediation recommendations in collaboration with development teams.
- Coordinate work with external vendors: defining scope, receiving reports, and supervising the implementation of recommendations.
- Verify the effectiveness of fixes through retests.
- Execute ad-hoc actions using WAF for temporary vulnerability mitigation until permanent solutions are deployed.
Incident Response (AppSec) & Security Research
- Triage security alerts concerning applications and APIs within the SOC.
- Support incident analysis related to applications and SaaS services.
- Coordinate reports from external researchers (Bug Bounty / Responsible Disclosure).
- Research new attack methods, Red Team techniques, and evasion strategies, proposing improvements to defense, detection, and response mechanisms.
- Utilize AI/ML solutions for vulnerability analysis, anomaly detection, and AppSec process automation.
Requirements
- 4+ years of experience in an Application Security Engineer, DevSecOps, Secure Software Engineering, or similar role.
- Excellent knowledge of OWASP Top 10, OWASP API Security, ASVS, and common application and cloud vulnerabilities.
- Experience utilizing SAST/DAST/SCA tools and cloud scanners (e.g., AWS Security Hub, Prowler).
- Proficiency in implementing SSDLC and Security as Code within CI/CD processes.
- Ability to read and analyze code (any language: Python, JS/TS, PHP, Java, C#, Go, or others).
- Experience collaborating with SOC or independently triaging application incidents.
- Experience in bug bounty / responsible disclosure is preferred.
- Strong technical and communication skills.
- Minimum B2 level English proficiency.
Benefits
- Opportunity to build a global e-commerce brand and implement impactful solutions.
- Inspiring collaboration with passionate, international professionals.
- Significant professional and personal development opportunities within a dynamically growing company.
- A wide range of benefits supporting health, passions, and development.

