Senior Application Security Engineer

Vilnius / Kaunas / Warsaw / Tallinn / Berlin
"The quieter you become, the more you can hear," hints a quote on our Cyber Security team's desktop wallpapers, and it's actually true.

To achieve the highest level of protection in the company, the Cyber Security team builds and fine-tunes security systems, processes, and training programs to ensure that passive cybersecurity is the first line of defense. 

Each day this team fights against cyber criminals using globally trusted cybersecurity products that include, but are not limited to, EDR/XDR, WAF, HIDS, and NIDS solutions. They collect threat intelligence information and adopt it in our systems to prevent cybersecurity incidents.

Horrifying threats like malware, ransomware, web application attacks, Man-in-the-Middle attacks, social engineering, DDoS, privilege escalation, vulnerabilities, and remote code execution only bring a smile to the faces of this Cyber Security squad. However, what they like the most is threat hunting. We can't tell you anything else as we need to keep our top security secrets, but we can promise you won't be bored if you join this team.

If you want to:

  • Conduct regular security assessments on new and existing products and perform code reviews to proactively find potential vulnerabilities;
  • Seek out opportunities to automate processes when appropriate and integrate automation within the CI/CD pipeline;
  • Identify emerging classes of vulnerabilities and develop solutions for them before they're a problem;
  • Triage and perform root cause analysis on reported vulnerabilities;
  • Contribute security-focused feedback to engineers during all phases of the development lifecycle;
  • Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns;
  • Maintain and create secure development practices and programs for our engineering teams;
  • Act as an ambassador for security within Surfshark and lead the Security Champions program.

And you can check off:

  • 3+ years experience in security testing of web applications and native apps;
  • Deep understanding of web and mobile application architecture and design principles;
  • Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product managers;
  • Experience with manual secure code review in languages such as PHP, JavaScript, C#, Kotlin, and Swift is a plus;
  • Familiarity with common web application testing tools for DAST, SAST, IAST, and SCA analysis, such as Burp Suite, SonarQube, Semgrep;
  • Knowledge of authentication mechanisms like OAuth, etc.;
  • Understanding common security flaws and resolutions published by OWASP, SANS, etc.;
  • Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc.) for security;
  • Ability to see patterns and commonalities to investigate complex issues;
  • Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues.

Bonus points if you:

  • Have experience with Amazon AWS services and are familiar with Kubernetes and VPN solutions;
  • Have current or former security training or certifications such as OSWE or similar;
  • Have some background in software engineering in a collaborative and dynamic environment.

Here's the deal:

  • Growth and learning opportunities: time dedicated to learning, conferences, online learning platforms, and books for your professional development;
  • Health and wellness: we want you to feel and be your best. That's why we offer various benefits, from online workouts, a physical coach and a gym to regular mental health checks;
  • Tools of your choice: choose technical equipment and the tools you need to do your best;
  • Community and celebrations: get ready for long-lasting traditions such as Beer Fridays and On the Wave of Things, with a touch of various team buildings and company celebrations;
  • Convenient commuting: traveling from point A to point B can be a pain. That’s why, depending on your unique circumstances, we compensate part of your public transport costs;
  • Work-life balance: as a general rule, we work based on a 3+2 hybrid model. And let’s not forget the WFA policy – an opportunity to work from anywhere in the world;
  • More days off: additional vacation days depending on your tenure;
  • Premium Surfshark accounts: for you, your family, and friends;
  • Gross salary: 3140 - 5950 EUR/month for the Lithuanian market. It may vary depending on your skills, experience, or location.

How we hire

Here at Surfshark, we don’t believe in the “one size fits all” process. We tailor it to ensure the best experience for our candidates and to match them with the right job position.

Get to know you

We start with a simple “hello” - whether that’s online or in-person - to see if our expectations match.

Technical task/interview

If we agree to move forward, we find the best way for you to showcase your skills and expertise.

Get to know our team

We want our teams to have chemistry, so we provide an opportunity to meet potential teammates or other colleagues for a chat.

What’s next?

An offer, more discussions - this is up to you. We want you to feel confident with your decision and make the right choice.
