Application Security Engineer

About the Role

Wrike, the most powerful work management platform, is looking for an Application Security Engineer to join their team. You will play a critical role in helping product teams build and ship securely by default, working closely with engineering to identify risks early, strengthen secure design and coding practices, and enable safe feature releases without unnecessary friction.

Your Impact

• Own recurring Application Security activities for multiple product teams, including secure design reviews, threat modeling, code review, testing validation, and remediation guidance.
• Assess vulnerabilities and findings from scanners, testing, bug reports, and internal reviews, distinguishing meaningful risk and helping teams focus on critical issues.
• Validate security fixes and recommend practical alternatives when ideal remediation is not immediately possible.
• Improve day-to-day AppSec workflows by tuning checks, refining rules, improving triage quality, and integrating security into developer workflows and CI/CD pipelines.
• Help engineers understand security findings in practical product terms by providing clear prioritization and actionable remediation guidance.
• Contribute to secure-by-default development practices by reinforcing standards, reference patterns, and review expectations.
• Utilize structured AI workflows to support complex AppSec analysis, such as broader codebase review, design decomposition, review preparation, and documentation synthesis, while maintaining guardrails around prompt hygiene, human oversight, and output quality.

Your Qualifications

• Strong hands-on knowledge of common web and API security issues, authentication and session management concepts, secrets handling, and secure coding fundamentals.
• Proven experience conducting secure code reviews in modern engineering environments (Java, TypeScript, PHP), with the ability to clearly explain security flaws and collaborate on remediation.
• Experience leading or facilitating routine threat modeling for product features or services and translating outcomes into actionable security requirements.
• Experience managing Application Security tools (SAST, SCA, DAST, secrets scanning), bug bounty platforms, with a focus on CI/CD integration, false positive reduction, and signal quality improvement.
• Working knowledge of OAuth/OIDC, service-to-service authentication, secrets management, and foundational cloud or container security concepts.
• Ability to prioritize findings based on exploitability, exposure, business impact, and remediation effort.
• Strong written and verbal communication skills, with the ability to work effectively with engineers, technical leads, and product stakeholders.
• Sound judgment when using AI-assisted workflows, treating AI as a copilot and validating correctness, exploitability, and business context before taking action.

Standout Qualities

• Experience building AppSec automations, improving developer workflows, or tuning security controls in CI/CD environments.
• Experience delivering practical secure coding guidance or lightweight internal security training.
• Background in privacy-sensitive systems, cloud-native services, or multi-service architectures.
• Experience supporting security for AI/ML product features, model-integrated systems, or governance of AI-assisted engineering workflows.

Team Dynamics

You will partner closely with backend, frontend, mobile, platform, QA, and product teams daily, collaborating with peers across security, infrastructure, and compliance. Success requires building trusted relationships with engineers, communicating clearly, and translating security concerns into practical guidance.

Our Work Style

This is a collaborative, hands-on role embedded in the software development lifecycle. You will work closely with product and engineering teams to integrate security into design, development, and delivery processes, helping create secure-by-default outcomes without slowing teams down. You’ll use secure review practices, threat modeling, AppSec tooling, CI/CD integrations, and structured AI-assisted analysis to support high-quality security decisions. This role offers the opportunity to influence product security posture and developer experience at scale.

Why Join Wrike?

• 5 Weeks of paid vacation
• Sick Leave Compensation:
• 5 Paid Uncertified Sick Days
• 2 weeks fully paid with medical certificate, additional 4 weeks paid at 80% salary rate
• Parental Leave (fully paid): 18 Weeks Maternity / 4 Week Paternity
• 2 Volunteer Days
• Meal Vouchers (CZK 220 per working day)
• Annual Prague Travel Card (Lítačka)
• Hybrid Working Model
• Benefit budget with flexible options, including a MultiSport card, Canadian Medical membership, contributions to a pension savings plan, and additional choices available through Benefit Plus.

Recruitment Process

• Intro call with a Recruiter
• Technical interview
• Cultural interview

Your recruitment buddy is Aleksandar Chernev, Senior Technical Recruiter.

Who Is Wrike and Our Culture

Wrike is a team of innovators and creators solving complex work problems. Our vision is a world where everyone is free to focus on their most purposeful work, together. We support talent across 10 global hubs with flexible ways of working, including remote, hybrid, and co-working spaces. Employees located near certain hubs (Prague, Nicosia, Bangalore, Rennes) are generally expected to collaborate in person 2-3 days per week.

Our Persona

• Smart: We love what we do and are experts in our domain.
• Dedicated: We are focused on helping our customers and teammates win.
• Approachable: We are friendly, considerate, and helpful.

Our Culture and Values

• Customer-Focused: We care about our customers and make decisions with them in mind.
• Collaborative: We work as one, bringing unique strengths for better outcomes, fostering creative collaboration.
• Creative: We strive for success through continuous innovation, transcending conventional boundaries.
• Committed: We believe in ownership at all levels, driving personal and collective growth.