PLEASE READ BOLD TEXT BEFORE APPLYING:
€80–100K + bonus Remote (Travel to the Belgrade office quarterly for a few days and all expenses paid for) AGAIN Note: Remote-first role with travel to Serbia every 3 months for a few days.

A large-scale gaming/gambling enterprise is seeking an experienced Application Security Engineer to drive SDLC security integration across web and mobile platforms. You will work closely with engineering and Dev Ops teams to ensure security is embedded from design through to deployment.
Key Responsibilities SDLC security integration: Embed security controls into CI/CD pipelines and development workflows. Enterprise collaboration: Partner with Engineering and Dev Ops teams in a large-scale environment. Secure development practices: Guide engineers on secure coding (Java, Spring/Spring Boot, microservices). Security testing & automation: Run SAST/DAST, dependency scanning, and manual testing. Penetration testing: Identify vulnerabilities through controlled testing. Vulnerability management: Prioritise and remediate risks across applications and dependencies. Secure deployment: Ensure application security across cloud and on-prem systems. Reviews & governance: Support code reviews, threat modelling, and risk assessments.
Requirements5+ years in Application Security / Dev Sec Ops, ideally within large or enterprise organisations Proven experience in SDLC security integration and embedding security into CI/CD pipelines Strong Java (Spring/Spring Boot, microservices) experience Hands-on with SAST/DAST tools and security automation Knowledge of OWASP Top 10, SANS Top 25, API security Scripting skills (Python, Java Script, or Shell) Strong communication and stakeholder engagement skills
Nice to Have Security certifications (OSCP, OSWE, OSCE, GPEN) Experience in high-scale or regulated enterprise environments