Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey)

constructortech· HelpDesk
Apply Now ↗
📍 Serbia, Belgrade

About this role

Our mission

Constructor’s mission is to enable all educational organisations to provide high-quality digital education to 10x people with 10x efficiency. 

With strong expertise in machine intelligence and data science, Constructor’s all-in-one platform for education and research addresses today’s pressing educational challenges: access inequality, tech clutter, and low engagement of students.

Please send your resume in English only.

We are seeking an Application Security Engineer with a strong background in web application security design, secure development practices, and vulnerability testing. This role also requires practical experience with Software Bill of Materials (SBOM) management and implementation, contributing to our secure SDLC and software supply chain risk reduction efforts.

Duties and Responsibilities:

  • Perform threat modeling, security architecture review, and design analysis for web applications and APIs.
  • Conduct manual and automated security testing during development and pre-release stages.
  • Design and implement security pipelines (including SAST and DAST) and integrate them into the SDLC process.
  • Implement and manage SBOM generation and consumption processes across the SDLC.
  • Collaborate with development teams to ensure timely remediation of identified vulnerabilities.
  • Maintain security guidance aligned with OWASP best practices and provide trainings for development teams.
  • Stay current with evolving application security threats, tools, and industry developments.

Qualifications and Experience:

  • 3–5 years of experience in application security, with a focus on web applications and API security.
  • Good knowledge of at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go).
  • Experience with tools like OWASP ZAP, Burp Suite, Snyk, or similar.
  • Familiarity with secure coding, DevSecOps, and container security concepts.
  • Strong understanding of CVE, CVSS, and vulnerability disclosure workflows.
  • Excellent command of business English.
  • Preferred Qualifications:
  • Knowledge of SBOM standards (CycloneDX, SPDX) and experience integrating SBOM tooling into CI/CD pipelines.
  • Knowledge of software composition analysis (SCA) tools.

What We Offer

  • 💻 Choice of work equipment (e.g., laptop, monitor, etc.)
  • 🇬🇧 English classes (iTalki – $130 monthly)
  • ⏰ Flexible schedule (we usually work between 09:00/10:00 and 18:00/19:00 CET or EET)
  • 👶 Newborn bonus (€500 per child)
  • 🧠 Patent remuneration
  • 🌴 Paid leave
  • 🧑‍💻 Remote work in locations without our offices
  • Hybrid work in locations with offices (2 days in-office, 3 days remote)

Constructor fosters equal opportunity for people of all backgrounds and identities. We are led by a gender-balanced board committed to building a diverse and inclusive organisation where everyone can become their best self. We do not discriminate based on age, disability, gender identity, sexual orientation, ethnicity, race, religion or belief, parental and family status, or other protected characteristics. We welcome applications from women, men and non-binary candidates of all ethnicities and socio-economic backgrounds. We encourage people belonging to underrepresented groups to apply.

Frequently Asked Questions

Is the salary disclosed for the Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey) position at constructortech?
The salary for this Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey) role at constructortech is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.
Where is the Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey) position at constructortech located?
This Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey) role at constructortech is based in Serbia, Belgrade. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Which team or department does the Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey) at constructortech belong to?
This Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey) position is part of the HelpDesk department at constructortech. See the full job description for more information about the team structure and responsibilities.
How do I apply for the Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey) position at constructortech?
Click the "Apply Now" button on this page. You will be redirected to constructortech's official application portal hosted on greenhouse where you can submit your application directly.
When was the Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey) job at constructortech posted?
This Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey) position at constructortech was posted on Apr 22, 2026. Apply as soon as possible — early applications are often reviewed first.
Application Security Engineer (Remote in Bulgaria, Germany, Italy, Serbia, Turkey)
constructortech
Apply for this role ↗

You'll be redirected to constructortech's official application page on Greenhouse.