Application Security Engineer

About Nebius

Nebius is pioneering a new era in cloud infrastructure for the global AI economy. We are developing a comprehensive AI cloud platform designed to support developers and enterprises from data and model training through to production deployment, eliminating the need for costly in-house AI/ML infrastructure. Built by engineers for engineers, we address complex challenges across compute, storage, networking, and applied AI. As a Nasdaq-listed company (NBIS) headquartered in Amsterdam, Nebius boasts a global footprint with R&D hubs across Europe, the UK, North America, and Israel, powered by a team of over 1,500 professionals, including hundreds of engineers with deep expertise in hardware, software, and AI R&D.

The Role

The Platform Security organization's Security Engineering Team is responsible for the strategic selection, implementation, management, and optimization of cybersecurity tools and technologies that enhance the platform's security capabilities. We aim to fortify our security posture, proactively identify and respond to threats, and ensure the resilience and protection of critical data, systems, and services. We are looking for an Application Security Engineer to ensure the security of our software by identifying and mitigating vulnerabilities, implementing best security practices, and collaborating with development teams. The ideal candidate will possess a strong background in secure coding, vulnerability assessment, and penetration testing.

Your Responsibilities

• Build and maintain ASPM tools and their associated rules.
• Identify, analyze, and remediate application security vulnerabilities using tools like ASPM.
• Collaborate with development teams to integrate security best practices into the Software Development Lifecycle (SDLC).
• Conduct manual and automated penetration testing of applications.
• Develop and maintain secure coding guidelines for development teams.
• Facilitate threat modeling and risk assessments for new and existing applications.
• Stay current with the latest security threats, vulnerabilities, and mitigation techniques.
• Serve as an application security subject matter expert for other teams.

We Expect You to Have

• 4+ years of experience in application security.
• Strong knowledge of common application security risks (e.g., OWASP Top 10) and mitigation strategies.
• Experience with secure coding practices in languages such as Python, Go, Java, or JavaScript.
• Proficiency in a common programming language (e.g., Go or Python), with a willingness to learn Go if necessary.
• Hands-on experience with security testing tools (e.g., Burp Suite, ZAP, Semgrep).
• Understanding of authentication protocols like SAML or OIDC.
• Experience conducting threat modeling sessions.
• Strong problem-solving and analytical skills.
• Good written and verbal communication skills in English.
• A willingness to learn new things.
• Comfort working independently.

Added Bonus If You Have

• Confidence in presenting ideas and opinions, responding well to feedback.
• Experience in designing, building, and maintaining security automation.
• Experience translating compliance and regulation requirements into technical specifications.
• Experience exploiting vulnerabilities in web applications, Linux kernels, containers, and networks.
• Security certifications such as OSCP or OSWE.

Compensation & Benefits

• Base Compensation Range: €75,000 - €240,000 EUR (Actual compensation will depend on job-related factors, experience, skills, qualifications, hiring level, and geographic location).
• Competitive compensation and benefits packages.
• Career growth and learning opportunities.
• Flexibility and ownership.
• Collaborative and innovative culture.
• Opportunity to work on impactful AI projects.
• International environment and talented teams.

What's it like to work at Nebius

Fast-moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI.