More jobs:
Application Security Engineer; m/w
Job in
Zürich, 8058, Zurich, Kanton Zürich, Switzerland
Listed on 2026-07-04
Listing for:
myitjob GmbH
Full Time
position Listed on 2026-07-04
Job specializations:
-
IT/Tech
Cybersecurity
Job Description & How to Apply Below
Location: Zürich
Job Summary
Location:
Zurich, Hybrid Workload:
Full-time
This is a hands‑on technical role for someone who can operate deeply across modern application security disciplines and cloud‑native environments. You will contribute to application security across our platform, covering web, mobile, APIs, backend services, and cloud infrastructure, by embedding security into engineering processes, CI/CD pipelines, and runtime environments.
Responsibilities- Integrate and improve security controls within CI/CD pipelines including SAST, DAST, SCA, and IaC scanning to strengthen Dev Sec Ops practices.
- Configure, operate, and optimise application security tooling, ensuring findings are actionable and integrated into engineering workflows.
- Partner with engineering, platform, and product teams to design and implement secure‑by‑design architectures, perform threat modelling and promote secure development practices.
- Evaluate open‑source dependencies and contribute to software supply chain security initiatives.
- Assess and secure AI‑enabled applications and services, including AI/LLM integrations, AI supply chain risks, model security controls, and secure deployment patterns.
- Review and harden Infrastructure‑as‑Code implementations to enable secure cloud deployment patterns and reusable guardrails.
- Assess the security design of smart contracts, blockchain integrations, and third‑party Web3 services.
- Partner with SOC and engineering teams to improve detection, alerting, and response capabilities for application‑layer threats.
- 5–7+ years of deep, hands‑on experience in application security or Dev Sec Ops in modern engineering environments.
- Strong experience securing cloud‑native architectures (AWS and Azure preferred).
- Deep understanding of Kubernetes security, containers, and IaC security.
- Experience reviewing Infrastructure‑as‑Code and performing secure code reviews across backend, web, and/or mobile applications.
- Practical knowledge of application security standards, e.g. OWASP Top 10 and API Top 10 in real‑world systems.
- Familiarity with runtime application security concepts including observability, detection engineering, and production security monitoring.
- Strong understanding of API security concepts including authentication, authorisation, API gateways, and modern identity patterns.
- Ability to work directly with engineers and influence design and implementation decisions.
- Experience building AI agents and applying AI to automate security workflows.
- Solid understanding of cryptography fundamentals and key management (KMS/HSM).
- Relevant education, certifications, or equivalent practical experience.
- Experience with digital asset custody, web3, smart contract or transaction signing workflows.
- Track record of owning or building an application security function.
- Background in offensive security, red teaming, or bug bounty.
- Experience with financial services regulatory requirements (FINMA, MAS, DORA).
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×