Quick Summary
Join Base – a global leader revolutionizing e-commerce!
We are the technological driving force for sellers worldwide, delivering an innovative all-in-one system. Our mission is to simplify the lives of online entrepreneurs, helping them automate processes, dynamically scale their business, and effectively manage sales across multiple platforms. This is driven by our passion for innovation and the use of modern technologies. We operate globally, collaborating with thousands of marketplaces and industry leaders such as Amazon, eBay, Shopify, DHL, and FedEx. Our international team of experts works in Poland, Europe, the Americas, and Asia.
We are not just another tech company. We are one of the fastest-growing platforms in the industry—achieving dynamic growth over the last 3 years, increasing our revenue and customer base worldwide. We prioritize a culture where real impact and collaboration matter, and our team is the heart of our innovation.
We are seeking a Senior Application Security Engineer responsible for application security, software development processes, and vulnerability management. This role combines Application Security, SSDLC, Vulnerability Management, and the triage of security alerts related to our SaaS within the SOC framework.
You will collaborate with developers, analyze vulnerabilities, develop security processes within the SDLC, and co-create security standards for our services.
Key Responsibilities
Application Security & SSDLC
- Implementing and developing the Secure Software Development Lifecycle (SSDLC) process across the organization.
- Mentoring and supporting developers—practically implementing the "shift-left security" approach.
- Performing manual and automated secure code review for key components and modules.
- Conducting Threat Modeling for new features, APIs, and application architecture.
- Creating and enforcing AppSec standards (OWASP ASVS, OWASP API Security Top 10).
- Collaborating on application architecture design focusing on security (authentication, authorization, sessions, API security).
- Supporting the implementation of application protection mechanisms (security headers, rate limiting, WAF integration, input validation).
Vulnerability Management
- Analyzing results from security scans (e.g., SAST, DAST, SCA, cloud security scanners).
- Analyzing reports from third-party penetration tests and security audits—verifying quality, prioritizing, and interpreting findings.
- Prioritizing vulnerabilities and developing remediation recommendations in collaboration with development teams.
- Coordinating collaboration with external companies: defining scope, receiving reports, and overseeing the implementation of recommendations.
- Verifying the effectiveness of fixes through retests.
- Performing ad-hoc actions using the WAF to temporarily mitigate vulnerabilities until a permanent solution is deployed.
Incident Response (AppSec) & Security Research
- Triaging application and API security alerts within the SOC.
- Supporting the analysis of incidents related to applications and services (SaaS).
- Coordinating submissions from external researchers (Bug Bounty / Responsible Disclosure).
- Investigating new attack methods, Red Team techniques, and evasion tactics—proposing improvements to defense, detection, and response mechanisms.
- Utilizing AI/ML solutions in vulnerability analysis, anomaly detection, and AppSec process automation.
Requirements
- 4+ years of experience in an Application Security Engineer, DevSecOps, Secure Software Engineering, or similar role.
- Excellent knowledge of OWASP Top 10, OWASP API Security, ASVS, and typical application and cloud vulnerabilities.
- Experience with SAST/DAST/SCA tools and cloud scanners (e.g., AWS Security Hub, Prowler).
- Knowledge and practical experience implementing SSDLC and Security as Code in CI/CD processes.
- Ability to read and analyze code (any language: Python, JS/TS, PHP, Java, C#, Go, or others).
- Experience collaborating with SOC or independently triaging application incidents.
- Experience in bug bounty / responsible disclosure is highly desirable.
- Strong communication and technical skills.
- English language proficiency at minimum B2 level.
Benefits
- Opportunity to build a global brand in the e-commerce industry from the ground up and implement solutions that make a difference.
- Inspiring collaboration with passionate professionals from diverse cultures and corners of the world.
- Chance for professional and personal development in a company experiencing dynamic growth—grow with us!
- A wide range of benefits supporting your health, passions, and development.

