Application Security Engineer

Remote from: UK, Europe, Germany, Netherlands, Czechia
Salary, yearly, EUR: 75,000 - 240,000
Department: Cybersecurity
Employment type: Full Time
Job posted:
Apply before: 16 Jul 2026
Experience level: Midweight
Views / Applies: 20 / 6

About Nebius

Nebius is the AI cloud company, delivering a unified platform that spans the complete AI journey from data and model training and tuning to production runtime and deployment.

Verified job posting
This job post has been manually reviewed for authenticity and compliance.

AI Summary

Nebius is seeking an Application Security Engineer to fortify its AI cloud platform. The role involves building and maintaining ASPM tools, identifying vulnerabilities, and collaborating with development teams to integrate security into the SDLC. Candidates need 4+ years of experience, proficiency in secure coding and penetration testing, and knowledge of OWASP Top 10. The company offers competitive compensation and a fast-paced, innovative environment. This position is ideal for a self-driven security expert passionate about protecting cutting-edge AI infrastructure.

Role DNA

Job Complexity (Easy to Hard)
Pace & Pressure (Relaxed to Fast-paced)
Autonomy Level (Guided to Full Ownership)
Communication Load (Independent to Highly Collaborative)

AI Insight: The role requires 4+ years of experience, deep technical skills in secure coding, vulnerability assessment, and penetration testing, along with the ability to collaborate and work independently, making it a challenging position.

Salary Analysis

Median: EUR157,500 (above market)
EU Market: EUR60k – 150k

AI Insight: The offered salary range of €75,000 to €240,000 is competitive, with a median of €157,500, which is above the European market average for this role. The wide range reflects potential for seniority and location adjustments.

Key Skills

Application Security, OWASP Top 10, Penetration Testing, Secure Coding, Vulnerability Assessment, Threat Modeling, Burp Suite, Python, Go, SDLC

Dear Hiring Team,

I am writing to express my interest in the Application Security Engineer position at Nebius. With over 4 years of experience in application security, I have a strong track record of identifying and mitigating vulnerabilities, implementing secure coding practices, and collaborating with development teams. My expertise includes conducting manual and automated penetration testing, threat modeling, and using tools like Burp Suite and Semgrep. I am particularly drawn to Nebius's mission of leading AI cloud infrastructure and am eager to contribute to securing your platform. Thank you for considering my application.

Sincerely,
[Your Name]

Describe your experience with OWASP Top 10 and how you have mitigated these vulnerabilities in past projects.
I have extensive experience with OWASP Top 10, having worked on web applications where I mitigated SQL injection by using parameterized queries, XSS by input sanitization, and CSRF by implementing anti-CSRF tokens. I also conducted regular scans and code reviews to ensure compliance.

How would you integrate security into a CI/CD pipeline?
I would incorporate security scanning tools like SAST (e.g., Semgrep) and DAST (e.g., OWASP ZAP) into the pipeline, set thresholds for severity levels, and automate vulnerability assessments. Additionally, I would enforce secure coding standards and conduct peer reviews.

Can you explain the process of threat modeling you use?
I typically follow the STRIDE methodology, identifying threats for each component, then prioritizing based on impact and likelihood. I use tools like Microsoft Threat Modeling Tool and collaborate with developers to mitigate risks early.

Describe a challenging vulnerability you found and how you remediated it.
I once discovered a remote code execution vulnerability in a legacy application. I worked with the development team to apply input validation, update dependencies, and implement a web application firewall rule as a temporary fix until a patch was deployed.

How do you stay updated with the latest security threats?
I follow security blogs, subscribe to mailing lists like OWASP and SANS, attend conferences, and participate in CTF competitions. I also review CVE databases and apply relevant patches to our systems.

About Nebius:

Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from data and model training through to production deployment, without the cost and complexity of building large in-house AI/ML infrastructure.

Built by engineers, for engineers. From large-scale GPU orchestration to inference optimization, we own the hard problems across compute, storage, networking and applied AI.

Listed on Nasdaq (NBIS) and headquartered in Amsterdam, we have a global footprint with R&D hubs across Europe, the UK, North America and Israel. Our team of 1,500+ includes hundreds of engineers with deep expertise across hardware, software and AI R&D.

The role

The Security Engineering Team within the Platform Security organization is responsible for the strategic selection, implementation, management, and optimization of cybersecurity tools and technologies that improve security capabilities of the organization’s platform. This team is instrumental in fortifying the security posture, proactively identifying and responding to security threats, ensuring the resilience and protection of critical data, systems, and services.

We are looking for an Application Security Engineer who will ensure the security of our software by identifying and mitigating vulnerabilities, implementing best security practices, and collaborating with development teams. The ideal candidate will have a strong background in secure coding, vulnerability assessment, and penetration testing.

Your responsibilities will include:

  • Build and maintain ASPM tools and their rules.

  • Identify, analyze, and remediate application security vulnerabilities using tools like ASPM.

  • Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC).

  • Conduct manual and automated penetration testing of applications.

  • Develop and maintain secure coding guidelines for development teams.

  • Facilitate threat modeling and risk assessments on new and existing applications.

  • Stay updated on the latest security threats, vulnerabilities, and mitigation techniques.

  • Serve as an application security subject matter expert to other teams.

We expect you to have:

  • 4+ years of experience in application security.

  • Strong knowledge of common application security risks (e.g. OWASP Top 10) and how to mitigate them.

  • Experience with secure coding practices in languages such as Python, Go, Java, or JavaScript.

  • Proficiency in a common programming language (such as Go or Python) with a willingness to learn Go, if necessary.

  • Hands-on experience with security testing tools (Burp Suite, ZAP, Semgrep, etc.).

  • Understanding of authentication protocols like SAML or OIDC.

  • Experience in conducting threat-modeling sessions.

  • Strong problem-solving and analytical skills.

  • Good written and verbal communication skills in English.

  • Willingness to learn new things.

  • Being comfortable working independently.

It would be an added bonus if you had:

  • Confidence in presenting your ideas and opinions in a manner that can be challenged, while responding well to feedback.
  • Experience in designing, building, and maintaining security automation.

  • Experience in translating compliance and regulation requirements into technical specifications.

  • Experience in exploiting vulnerabilities in web applications, Linux kernels, containers, and networks.

  • Security certifications such as OSCP or OSWE.

We conduct coding interviews as part of the process.

Pay Transparency

We offer competitive compensation and benefits packages. Actual compensation will be determined based on job-related factors, including experience, skills, qualifications, the level at which the candidate is hired, and geographic location, consistent with applicable law.

Base Compensation Range
€75.000—€240.000 EUR

Benefits & Perks:

  • Competitive compensation
  • Career growth and learning opportunities
  • Flexibility and ownership
  • Collaborative and innovative culture
  • Opportunity to work on impactful AI projects
  • International environment and talented teams

What’s it like to work at Nebius:

Fast moving – Bold thinking – Constant growth – Meaningful impact – Trust and real ownership – Opportunity to shape the future of AI 

Equal Opportunity Statement:

Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law.

Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire. 

If you need accommodations during the application process, please let us know.


This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.
