Senior Application Security Engineer: SSDLC, Vulnerability Management & SOC

BASE.Com
Application ends: 2025-12-24

Quick Summary

Senior Application Security Engineer focused on integrating AppSec, SSDLC, and Vulnerability Management within the Security Operations Center (SOC) for a global e-commerce SaaS platform. Responsibilities include implementing and maturing the SSDLC organization-wide, driving "shift-left security" through developer mentorship, performing Threat Modeling, and enforcing OWASP standards (ASVS, API Security Top 10). The role requires hands-on experience analyzing results from SAST/DAST/SCA/cloud scanners (e.g., AWS Security Hub, Prowler), prioritizing vulnerabilities, coordinating external penetration tests, and triaging application/API security alerts within the SOC framework. Candidates need 4+ years of relevant experience, expert knowledge of common application and cloud vulnerabilities, proven ability to implement Security as Code in CI/CD, and B2 English proficiency. Proficiency in analyzing code (Python, Java, C#, Go, etc.) is required, and bug bounty experience is desirable.

Join Base – a global leader revolutionizing e-commerce! We are the technological driving force for sellers worldwide, providing an innovative all-in-one system. Our mission is to simplify the lives of online entrepreneurs by helping them automate processes, dynamically scale operations, and effectively manage multi-platform sales.

We are one of the fastest-growing platforms in the industry, achieving dynamic growth in revenue and customer base globally over the last 3 years. We operate internationally, partnering with thousands of marketplaces and industry leaders like Amazon, eBay, Shopify, DHL, and FedEx. Our international team of experts works across Poland, Europe, the Americas, and Asia.

We are seeking a Senior Application Security Engineer to manage application security, software development processes, and vulnerability management. This critical role integrates Application Security, SSDLC, Vulnerability Management, and triaging security alerts for our SaaS platform within the Security Operations Center (SOC).

You will collaborate closely with developers, analyze security vulnerabilities, enhance security processes within the SDLC, and establish robust security standards for our services.

Scope of Responsibilities

Application Security & SSDLC

  • Implement and mature the Secure Software Development Lifecycle (SSDLC) process organization-wide.
  • Mentor and support developers, practically implementing the "shift-left security" approach.
  • Conduct manual and automated secure code reviews for critical components and modules.
  • Perform Threat Modeling for new features, APIs, and application architecture designs.
  • Create and enforce AppSec standards, including OWASP ASVS and OWASP API Security Top 10.
  • Collaborate on application architecture design focusing on security (authentication, authorization, sessions, API security).
  • Support the implementation of application protection mechanisms (security headers, rate limiting, WAF integration, input validation).

Vulnerability Management

  • Analyze results from security scanning tools (SAST, DAST, SCA, cloud security scanners like AWS Security Hub or Prowler).
  • Evaluate reports from third-party penetration tests and security audits, focusing on quality verification, prioritization, and interpretation of findings.
  • Prioritize vulnerabilities and develop actionable remediation recommendations in partnership with development teams.
  • Coordinate external security engagements: defining scope, report acceptance, and overseeing recommendation implementation.
  • Verify patch effectiveness through retesting procedures.
  • Execute ad-hoc mitigation actions using WAF for temporary vulnerability fixes until permanent solutions are deployed.

Incident Response (AppSec) & Security Research

  • Triage application and API security alerts within the SOC framework.
  • Support incident analysis related to applications and SaaS services.
  • Coordinate submissions from external security researchers (Bug Bounty / Responsible Disclosure programs).
  • Research emerging attack methods, Red Team techniques, and evasion tactics; propose enhancements to defense, detection, and response mechanisms.
  • Leverage AI/ML solutions for vulnerability analysis, anomaly detection, and AppSec process automation.

Requirements

  • 4+ years of experience as an Application Security Engineer, DevSecOps Engineer, Secure Software Engineer, or similar role.
  • Expert knowledge of OWASP Top 10, OWASP API Security, ASVS, and common application and cloud vulnerabilities.
  • Hands-on experience with SAST/DAST/SCA tools and cloud security scanners (e.g., AWS Security Hub, Prowler).
  • Proven ability to implement SSDLC and Security as Code practices within CI/CD pipelines.
  • Proficiency in reading and analyzing code (Python, JS/TS, PHP, Java, C#, Go, or other languages).
  • Experience collaborating with a SOC or independently triaging application incidents.
  • Experience with bug bounty or responsible disclosure programs is highly desirable.
  • Strong technical and communication skills.
  • Minimum B2 level English proficiency.

Benefits

  • Opportunity to significantly impact and build a global e-commerce brand from the ground up.
  • Collaborate with passionate professionals from diverse global cultures.
  • Exceptional opportunity for professional and personal development within a dynamically expanding company.
  • Comprehensive range of benefits supporting your health, passions, and development.

BASE.Com

  • Address
    Łódź, łódzkie