Application Security (AppSec) Engineer

Joom Group is an international tech-centric group of e-commerce companies founded in 2016 in Latvia. We are here to transform the largest industry in the world, global trade, making it more transparent, efficient, and technology-driven.

Today, Joom Group brings together the following businesses: Joom, a platform for shopping from all over the world; JoomPro, the first end-to-end cross-border B2B marketplace, with successful operations in Brazil and plans to expand to other markets; JoomPulse, data platform that provides analytics and recommendations for marketplace sellers; and Onfy, a pharmaceutical marketplace in Germany. Joom Group’s offices are located in China, Brazil, Portugal, Latvia, and Germany, with headquarters in Lisbon, Portugal. We work as one international team, sharing knowledge and collaborating across countries, businesses, and products.

As we continue to grow and introduce new products and services, we become increasingly susceptible to security threats. We are currently seeking an Application Security Engineer for our infrastructure team to stay informed about current threats and ensure the security of our development and applications.

This role offers the opportunity to develop the application security direction from the ground up and achieve international certification.

We prioritize innovation over bureaucracy and legacy code and are always open to fresh ideas.

Responsibilities

• Implement SSDLC with the development team

• Analyze the security of the company's products

• Assist teams in addressing vulnerabilities

• Stay informed about current threats and develop code protections

Requirements

• 3+ years of experience in web/mobile application security

• Experience in securing mobile and web applications

• Experience in building secure development processes (SSDLC)

• Experience with white box testing

• Knowledge of *NIX systems and basic network protocols

Preferred

• Experience in bug bounty programs

• Relevant information security certifications (e.g., OSCP, CompTIA Security+)

• CVE authorship

• Proficiency in Go, Python, or Java

We offer

• Compensation package: base salary and performance-based bonuses

• Office-first: flexible hours with a possibility to work remotely 52 days per year, and 22 days of paid annual leave

• Care & Wellbeing: health insurance (including dental care) for employees and their children, daily meal allowance, and 100% paid sick leave

• Team & Growth: collaboration with colleagues across Portugal, Brazil, Latvia and China, with opportunities for promotions, professional trainings, and English courses

• Community & Engagement: annual team building activities, knowledge-sharing workshops, and a strong sense of team work