Application Security Engineer (Stockbit)

At Stockbit & Bibit, we prioritize the security of our applications and the data of our users. As anApplication Security Engineer, you'll play a key role in ensuring the security and integrity of our products from mobile apps to backend systems by working closely with our product and engineering tribes

You'll be directly involved in embedding security practices into our SDLC, partnering with each tribe to identify potential risks early, and helping teams design and build securely by default

Why Join Us

You'll be part of a growing security culture that believes in collaboration over gatekeeping - working directly with engineers and product teams to make security a shared responsibility. You'll also have the opportunity to shape how AppSec operates across multiple tribes and influence security strategy at scale.

What You'll Do

• Embed with Product Tribes:Collaborate closely with engineers, QA, and product managers to ensure security considerations are part of every development stage (SDLC).
• Secure Code Review:Review application code (mainlyGolangandJavaScript) to identify and mitigate vulnerabilities such as SQLi, XSS, CSRF, and IDOR.
• Security Testing:Conduct penetration testing, vulnerability scanning, and static/dynamic analysis to proactively uncover weaknesses across web, mobile, and backend services.
• Threat Modeling:Partner with teams to assess potential threats and design effective mitigations.
• Bug Bounty Management:Triage, validate, and coordinate resolution for bug reports submitted by external researchers.
• Security Architecture Guidance:Provide input on secure design patterns, ensuring security is built into architecture and deployments.
• Incident Response:Support investigation and remediation of application-related security incidents, minimizing impact and improving detection/prevention mechanisms.
• Security Awareness:Promote secure coding practices within the tribes through knowledge-sharing, internal training, and playbooks.
• Stay Current:Keep up with the latest vulnerabilities, frameworks, and attack vectors to continuously strengthen our defenses.

What We're Looking For

• Strong understanding of web and mobile security fundamentals.
• Hands-on experience withpenetration testingandsecure code review.
• Familiarity withGolangandJavaScript(Stockbit's main tech stack).
• Experience with static/dynamic analysis tools (e.g., Burp Suite, OWASP ZAP, Snyk, etc.).
• Ability to communicate complex security concepts in a clear, practical way to developers.
• Bonus: Exposure to CI/CD pipeline security, cloud security (AWS/GCP), or DevSecOps practices.

• Capital market sharing session
• Self development program
• Health insurance benefits
• Well being and counseling program