Noesis

We are an international technology consultancy with a thousand talents specialized in different technologies. Every day, we work together to create innovative solutions that impact society. We are in Portugal, Spain, the Netherlands, Brazil, Ireland, and the USA. It is in cultural diversity and opportunities that we find the motivation to innovate and challenge ourselves to be better.
About company

Application security engineer

Remote

location Porto

date May 17, 2026

types Full-time

Apply here apply View all jobs

Description

Noesis is looking for an Application Security Engineer with a strong technical component and practical experience in Application Security and Secure SDLC, to join the client's Cybersecurity team.

Main Tasks and Responsibilities:

  • Execute and support Application Security activities, including:
  • - Application security assessments;
  • - Secure code reviews;
  • - Threat modelling;
  • - Validation of security controls;
  • Analyze and manage vulnerabilities and findings from:
  • - SAST, DAST, and SCA;
  • - Internal and external penetration tests;
  • Support the integration and continuous improvement of security controls in CI/CD pipelines, promoting shift-left security practices.
  • Work directly with development teams to:
  • - Clearly and practically explain security findings;
  • - Support the correction and validation of remediations;
  • - Promote good secure development practices;
  • Track vulnerabilities throughout their lifecycle, ensuring:
  • - Correct risk classification;
  • - Proper prioritization;
  • - Closure within defined SLAs;
  • Contribute to Secure SDLC initiatives, including the definition and improvement of guidelines, standards, and best practices.
  • Support security activities in modern architectures, including:
  • - Cloud-native applications;
  • - Microservices and APIs;
  • Use tools like JIRA (or equivalents) for recording and tracking activities and vulnerabilities.
  • Support audits, security reviews, and regulatory requirements applicable to the financial context.

Requirements:

  • Professional experience in Application Security, DevSecOps, Cybersecurity, or similar technical roles;
  • Solid knowledge of application vulnerabilities (e.g., OWASP Top 10, OWASP API Top 10);
  • Solid knowledge of Secure Software Development Lifecycle (SSDLC);
  • Experience in analyzing and tracking: Vulnerabilities, Security findings, Remediation actions;
  • Practical experience or strong familiarity with SAST / DAST / SCA;
  • Penetration testing (consumption and analysis of results);
  • Knowledge of security in cloud environments (AWS and/or Azure);
  • Understanding of modern application architectures (APIs, microservices);
  • Experience with tracking tools such as JIRA;
  • Ability to communicate effectively with technical teams (developers, DevOps, security engineers);
  • Strong attention to detail, autonomy, and sense of responsibility;
  • Ability to work in a regulated, dynamic environment with multiple priorities;
  • English C1.

Nice to Have:

  • Threat modelling frameworks;
  • Advanced secure code review;
  • OWASP ASVS;
  • Security testing automation;
  • Previous experience in financial or highly regulated environments.

Soft Skills:

  • Analytical and critical profile;
  • Proactivity and continuous improvement mindset;
  • Strong collaboration skills;
  • Good organization and prioritization skills.

Work model: Hybrid 2x a week in Porto.

If you meet these conditions and would like to join an innovative organization that continuously invests in developing its talents, send us your application.

Join us. Let's innovate together!

All our recruitment processes are based on equal opportunities, valuing competence and the potential of each individual, ensuring that no candidate is discriminated against based on gender, ethnicity, sexual orientation, age, religion, or physical condition.

Announcement created under Law No. 4/2019, of January 10.

hashtag Tags
DevOps