Senior AppSec Engineer

At airSlate, our journey began in Boston, USA, in 2008. What started as a single product with 3,000 customers has grown into an influential tech company with 900+  team members across six offices worldwide. In 2022, airSlate reached a total valuation of $1.25 billion and became a  'Unicorn 🦄'. But even as we scale, team members remain our most valuable asset. That's why we've built a company that excites people about their work.

We develop products that serve over 100 million users with no-code workflow automation, electronic signature, and document management solutions. The company's portfolio of award-winning products, signNow, pdfFiller, DocHub, WorkFlow, Instapage, and US Legal Forms, empower teams to digitally transform the way their organizations run.

About Security Team:

Team ensures the reliable protection of user data and the stability of the platform by implementing modern cybersecurity technologies. We work closely with product, engineering, and operations teams to minimize security risks at every stage.

In addition, the team continuously monitors threats, conducts system audits, and educates employees on secure work practices.

Team covers the following key areas of security:

– Cloud security

– Application security (AppSec)

– Access management

What you'll be working on:

• Conduct comprehensive security testing of web, mobile, and network-based applications. This includes performing security assessments, identifying risks, and advocating for necessary fixes in collaboration with product and engineering teams.
• Collaborate with product and compliance teams to ensure adherence to security standards and frameworks (e.g., PCI DSS, SOC 2, CASA) and assist in audit and external assessment preparations.
• Provide guidance on secure development practices at all stages of the SDLC, including architecture reviews, threat modeling, and risk assessments, to support secure-by-design solutions.
• Manage and maintain security automation tools such as SAST, DAST, SCA, and others, ensuring effective vulnerability detection, reporting, and integration into CI/CD workflows.
• Support incident response efforts, including investigation, triage, containment, and post-mortem analysis across various scenarios (application-level, infrastructure, user-related, etc.).
• Configure and monitor CDN, Web Application Firewalls (WAF), and bot management solutions to enhance application security.
• Apply a strong generalist security foundation to various tasks, including:
• Cloud security best practices (AWS/GCP)
• Endpoint protection (e.g., antivirus, EDR solutions)
• User security awareness initiatives
• Development and enforcement of information security policies
• Threat modeling and risk assessment methodologies (e.g., STRIDE)

What we expect from you:

• Education: Bachelor's degree in a technical field (e.g., Computer Science, Information Security, Engineering) from a technical university.
• Experience: At least 4 years of professional experience in information security, application security, or a related domain.
• Hands-on experience in performing security assessments and understanding system architecture.
• Strong communication skills to effectively collaborate and drive remediation efforts.
• Experience with security automation tools and integrating them into CI/CD workflows.
• Knowledge of compliance standards and frameworks.
• Proficiency in incident response and post-mortem analysis.
• Ability to provide security guidance throughout the SDLC.
• С1 level English proficiency (both written and spoken) is required.

What we offer:

— Flexible work environment — We value the advantages of in-person collaboration and prioritize work from our offices in Wroclaw or Bialystok. However, we also provide flexible work arrangements to accommodate remote or hybrid options and flexible scheduling.

— Bonuses and compensation — On top of a competitive base salary, we reward our team members' performance with a quarterly bonus to recognize achievements, time, and effort.

— Professional growth opportunities — We are committed to ongoing improvement and welcome those passionate about learning. We cover professional development courses, conferences, literature, English classes, and more for each team member.

— Health and well-being — We prioritize the health and well-being of our team. This is why we provide a Luxmed subscription, a multisport card for every team member, access to the office's massage room, free lunches, and healthy in-office snacks to sustain your energy.

— Stock options — At airSlate, our team members are more than employees; they're business partners. We issue stock options that grant ownership in the company, allowing everyone to share in its growth.

— Open communication — We encourage transparent communication from all team members at airSlate. Feel free to share your thoughts, ideas, and concerns with our management team, CEO, any member of our leadership team, or any team lead at any time. 

We are proud of: 

— airSlate Care for Ukraine — With a significant number of our team members in Ukraine, our foremost concern was ensuring their safety by providing both financial and logistical assistance to them and their families. What started as an immediate response has evolved into a cornerstone of the airSlate charity program. We match donations contributed by our team members, offer humanitarian aid to those affected by the conflict, distribute food packages to seniors, and support animal shelters. Our commitment remains steadfast in working towards restoring peace to Ukraine.

— airSlate Junior Club — Our sense of family extends beyond our team. All team members with children gain access to the airSlate Junior Club, featuring engaging events such as cooking classes, creative activities, and educational online games.

It is airSlate's policy to comply with all applicable equal employment opportunity laws by making all employment decisions without unlawful regard or consideration of any individual’s race, religion, ethnicity, color, sex, sexual orientation, gender identity or expressions, transgender status, sexual and other reproductive health decisions, marital status, age, national origin, genetic information, ancestry, citizenship, physical or mental disability, veteran or family status or any other basis protected by applicable national, federal, state, provincial or local law. airSlate's policy prohibits unlawful discrimination based on any of these impermissible bases, as well as any bases or grounds protected by applicable law in each jurisdiction. If you need assistance or an accommodation during the application process because of a disability, it is available upon request. airSlate is pleased to provide such assistance and no applicant will be penalised as a result of such a request. Pursuant to relevant law, where applicable, airSlate will consider for employment qualified applicants with arrest and conviction records.

Read our Recruitment Privacy Notice to Learn how we process your personal information.