Application Security Engineer

About the Role:

As a Security Engineer focused on Application and Product Security, you will play a key role in improving the security posture of our applications, services, and development ecosystem. You will work closely with engineering teams to integrate security into the software development lifecycle, build secure-by-default patterns, and ensure that products are resilient against modern threats. This role combines hands-on technical work, security engineering, and collaboration with developers to guide secure design and remediation. You will help implement security controls, perform assessments, and contribute to the continuous improvement of our security program.

As an Application Security Engineer at Starburst you will:

• Integrate application security best practices into the development lifecycle by partnering with engineering teams and enabling automated security checks within CI/CD pipelines.
• Support and maintain Application Security based tooling—including SAST, DAST, SCA, and secrets scanning—and help developers interpret and remediate findings.
• Conduct secure code reviews, threat modeling sessions, and application architecture assessments to identify risks and propose mitigation strategies.
• Develop and maintain security automation, guardrails, and reusable components.
• Assist in defining and improving secure coding standards and application hardening practices.
• Support monitoring and detection efforts by helping improve application-level logging, telemetry, and alerting.
• Assist in incident response activities related to application vulnerabilities, including verification, triage, and remediation support.
• Stay current on emerging threats, vulnerabilities, and best practices in application and product security.
• Contribute to documentation including security requirements, guidelines, and remediation playbooks.
• Participate in internal security reviews, compliance-driven assessments, and architectural walkthroughs.
• Develop and help maintain existing application security tools, pipelines, and workflows.
• Collaborate with engineering and product teams to ensure secure deployment and continuous improvement of applications.

Some of the things we look for:

• Bachelor’s degree in Computer Science, Engineering, MIS, or equivalent practical experience.
• 2–5 years of experience in application security, product security, software engineering with a security focus, or a related technical role.
• Strong understanding of application vulnerabilities and mitigation strategies (OWASP Top 10, CWE).
• Experience with CI/CD tooling, Git-based workflows, and modern development practices.
• Familiarity with cloud security concepts and hands-on experience with at least one cloud platform (AWS, Azure, or GCP).
• Experience with one or more programming languages such as Python, Go, Java, JavaScript/Typescript, or Ruby. (Java and Python preferred.)
• Experience with application security tools such as OWASP ZAP, Burp Suite, SAST/DAST tools, SCA, or dependency scanning.
• Knowledge of secure coding principles, API security, authentication, authorization, and secrets management.
• Strong problem-solving skills and the ability to communicate technical issues clearly to developers and cross-functional stakeholders.
• Understanding of agile development processes and working within engineering teams.
• Ability to Travel: This role will require 25% in-person travel for purposes including but not limited to new hire onboarding, team and department offsites, customer engagements, and other company events. Actual travel expectations may vary by role and business needs.

Where could this role be based?

This role is based in our Warsaw office and follows a hybrid model, with an expectation of being onsite 1-2 days per week.