AppSec Engineer / DevSecOps

To achieve the highest level of protection in the company, the Cyber Security team builds and fine-tunes security systems, processes, and training programs to ensure that passive cybersecurity is the first line of defense. 


Each day this team fights against cyber criminals using globally trusted cybersecurity products that include, but are not limited to, EDR/XDR, WAF, HIDS, and NIDS solutions. They collect threat intelligence information and adopt it in our systems to prevent cybersecurity incidents.


Horrifying threats like malware, ransomware, web application attacks, Man-in-the-Middle attacks, social engineering, DDoS, privilege escalation, vulnerabilities, and remote code execution only bring a smile to the faces of this Cyber Security squad. However, what they like the most is threat hunting. We can't tell you anything else as we need to keep our top security secrets, but we can promise you won't be bored if you join this team.



If you want to:
  • Conduct regular security assessments on new and existing products and perform code reviews to proactively find potential vulnerabilities;
  • Seek out opportunities to automate processes when appropriate and integrate automation within the CI/CD pipeline;
  • Identify emerging classes of vulnerabilities and develop solutions for them before they're a problem;
  • Triage and perform root cause analysis on reported vulnerabilities;
  • Contribute security-focused feedback to engineers during all phases of the development lifecycle;
  • Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns;
  • Maintain and create secure development practices and programs for our engineering teams;
  • Act as an ambassador for security within Surfshark and lead the Security Champions program.


And you can check off:
  • 3+ years of experience in security testing of web applications and native apps;
  • Deep understanding of web and mobile application architecture and design principles;
  • Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product managers;
  • Experience with manual secure code review in languages such as PHP, JavaScript, C#, Kotlin, and Swift is a plus;
  • Familiarity with common web application testing tools for DAST, SAST, IAST, and SCA analysis, such as Burp Suite, SonarQube, Semgrep;
  • Knowledge of authentication mechanisms like OAuth, etc.;
  • Understanding common security flaws and resolutions published by OWASP, SANS, etc.;
  • Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc.) for security;
  • Ability to see patterns and commonalities to investigate complex issues;
  • Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues.


Bonus points if you:
  • Have experience with Amazon AWS services and are familiar with Kubernetes and VPN solutions;
  • Have current or former security training or certifications, such as OSWE or similar;
  • Have some background in software engineering in a collaborative and dynamic environment.


Here's the deal:
  • Growth and learning opportunities: time dedicated to learning, conferences, online learning platforms, and books for your professional development;
  • Health and wellness: we want you to feel and be your best. That's why we offer various benefits, from online workouts, a physical coach and a gym to regular mental health checks;
  • Tools of your choice: choose technical equipment and the tools you need to do your best;
  • Community and celebrations: get ready for long-lasting traditions such as yearly workation, Friday get-togethers, various team buildings and company celebrations;
  • Convenient commuting: traveling from point A to point B can be a pain. That’s why, depending on your unique circumstances, we compensate part of your public transport costs;
  • Work-life balance: as a general rule, we work based on a 3+2 hybrid model. And let’s not forget the WFA policy – an opportunity to work from anywhere in the world;
  • Premium Surfshark accounts: for you, your family, and friends;
  • Gross salary: 3150 - 6950 Eur/month for the Lithuanian market. It may vary depending on your skills, experience, or location. 


Surfshark Glassdoor Company Review: 4.6
Surfshark DE&I Review: No rating
CEO of Surfshark: Vytautas Kaziukonis

Average salary estimate: $60600 / YEARLY (est.); min $37800K, max $83400K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About AppSec Engineer / DevSecOps, Surfshark

Join Surfshark as an AppSec Engineer / DevSecOps and become a vital part of our dynamic Cyber Security team! Here, you’ll tackle the thrill of thwarting cyber threats, applying your skills with tools like EDR/XDR, WAF, HIDS, and NIDS to reinforce our defenses. Your mission? Conduct security assessments, automate processes, and lead the charge on identifying vulnerabilities before they become problems. You'll be engaging with innovative engineers, providing essential feedback, and sharing your knowledge on secure design patterns through workshops and technical demonstrations. Beyond the nitty-gritty of code reviews and threat hunting, we offer a vibrant workplace culture focusing on growth through learning opportunities, health benefits, and work-life balance, including our WFA policy, allowing you to work from anywhere. If you have over three years of experience in security testing and a strong command of app architectures, along with the drive to nurture a security-focused mindset within our teams, you’ll thrive here. We love security professionals who can communicate effectively with empathy, turning complex security lingo into accessible guidance for engineering staff. It’s a chance to dive deep into the heart of cybersecurity and not just survive—thrive. We can’t wait to see how you’ll contribute your unique expertise to help us keep Surfshark and our users safe from the ever-evolving landscape of cybercrime. Ready to take the plunge? Your adventure starts here!

Frequently Asked Questions (FAQs) for AppSec Engineer / DevSecOps Role at Surfshark
What are the main responsibilities of an AppSec Engineer / DevSecOps at Surfshark?

As an AppSec Engineer / DevSecOps at Surfshark, you will conduct regular security assessments on new and existing applications, perform manual code reviews, and automate processes within the CI/CD pipeline. Your role will also involve identifying vulnerabilities and communicating risks to engineering teams while maintaining secure development practices.

What qualifications do I need to become an AppSec Engineer / DevSecOps at Surfshark?

To qualify for the AppSec Engineer / DevSecOps position at Surfshark, you should have at least 3 years of experience in security testing web and native applications. A deep understanding of app architectures, secure coding practices, and familiarity with security tools like Burp Suite and SonarQube are essential. Bonus points for AWS experience and relevant security certifications!

How does Surfshark promote work-life balance for its AppSec Engineer / DevSecOps team?

At Surfshark, we are committed to employee well-being. We operate on a 3+2 hybrid model, providing flexibility in working from home and the office. Our WFA policy means you can work from anywhere, promoting a healthy work-life balance while still being part of our collaborative team culture.

What kind of development opportunities are available for AppSec Engineer / DevSecOps at Surfshark?

Surfshark offers various growth opportunities, including time dedicated to professional development, access to online learning platforms, and attendance at conferences. Our focus on continuous learning helps you stay ahead of industry trends and evolve in your cybersecurity career.

Can you describe the team culture for AppSec Engineer / DevSecOps at Surfshark?

The culture at Surfshark is vibrant and inclusive, emphasizing collaboration and celebration. Engaging traditions like yearly workations, Friday gatherings, and team building activities foster a sense of community. We believe in creating a fun, dynamic work environment where security professionals can thrive.

Common Interview Questions for AppSec Engineer / DevSecOps
Can you explain your experience with manual secure code review for different programming languages?

In your response, focus on specific languages you've worked with, detailing the tools and techniques you used during code reviews. Highlight any challenges you faced and how you effectively communicated findings and improvements to your team.

How would you address emerging security vulnerabilities within applications?

Share your approach to staying current with vulnerability trends, describe the risk analysis methods you use, and discuss how you prioritize vulnerabilities based on their potential impact. Emphasize your proactive tactics for creating solutions before vulnerabilities become a security issue.

What tools do you commonly use for web application security testing?

Mention specific tools like Burp Suite, SonarQube, or others you’ve used, elaborating on your experience with each. Describe how you utilize these tools during assessments and any successful outcomes from your testing.

How do you communicate security risks to technical teams?

Discuss your strategy for breaking down complex security matters into understandable language. Provide examples of previous training sessions or techniques you used to effectively engage engineers and product managers.

What is your experience with CI/CD automation in security practices?

Explain how you've integrated security into CI/CD pipelines, referencing specific tools or frameworks. Outline any automation processes you’ve implemented and the positive impact these had on security and efficiency.

Describe a challenging security issue you faced and how you resolved it.

Use the STAR method to clearly outline the Situation, Task, Action, and Result of the challenge. Focus on your analytical skills and any teamwork involved, demonstrating the successful resolution of the issue.

How familiar are you with OWASP Top Ten vulnerabilities?

Provide a brief overview of your knowledge of the OWASP Top Ten, mentioning specific vulnerabilities you’ve addressed in past roles. Discuss how you keep up to date with evolving security concerns.

How do you approach mentoring less experienced team members in security best practices?

Share your thoughts on collaboration and teaching, detailing any mentoring experiences you've had. Emphasize your commitment to knowledge sharing and fostering a culture of security awareness.

What strategies do you utilize for effective threat hunting?

Discuss your methodologies for identifying and addressing threats, such as analyzing log data, examining patterns, and employing threat intelligence. Provide examples illustrating how these strategies have led to successful mitigations.

What motivates you to work in the field of AppSec and cybersecurity?

Express your passion for cybersecurity and your desire to protect users and systems from cyber threats. Share what drives you to continue learning and improving your skills in this rapidly evolving field.

Our dream is a world where people have full control of their digital lives. That's why we humanize digital security to make it accessible to all.

Employment type: Full-time, hybrid
Date posted: December 2, 2024