Description
We are looking for an Application Security Engineer with a strong focus on penetration testing and vulnerability assessment to join a central cybersecurity team.
About the Role
You will be responsible for identifying and assessing security vulnerabilities in applications, supporting development teams in mitigating risks and improving secure coding practices.
This role combines pentesting activities, vulnerability management, and AppSec integration within the SDLC in a large-scale enterprise environment.
Key Responsibilities
1. Pentesting & Vulnerability Assessment
Perform application security testing (SAST, DAST, SCA)
Identify, analyze, and qualify vulnerabilities
Validate and prioritize security findings
Support remediation and re-testing
2. Security in the SDLC
Contribute to the integration of security into the development lifecycle
Support deployment of code analysis and dependency scanning tools
3. Collaboration with Development Teams
Work closely with developers to:
Explain vulnerabilities
Recommend secure solutions
Promote secure coding practices
4. Security Monitoring & Reporting
Track remediation progress and ensure compliance with deadlines
Contribute to reporting and security metrics
5. AppSec Community & Awareness
Promote:
Security awareness
Best practices
Secure development guidelines
Profile & Requirements
2+ years of experience in Cybersecurity / Pentesting / Application Security
Strong understanding of:
OWASP Top 10
Web application vulnerabilities
Experience with:
SAST / DAST / SCA tools (Fortify, Qualys, Nexus IQ or similar)
Vulnerability assessment and validation
Basic knowledge of development:
Java, Angular, REST APIs
Experience with:
Python scripting / automation
Modern environments (e.g. Kubernetes)
Hybrid work: 2/3x in the office in Porto