Application Security SME

Start Date: As soon as possible

End Date: End of June 2026 (Extension very likely, subject to budget approval)

Context:

We are strengthening our Application Security function within custom development. The role focuses on securing internally developed applications, SaaS applications, and supporting cloud security initiatives. This position supports and guides a Center of Excellence (CoE) based in India that performs day-to-day operational AppSec activities. The mission also includes leading two major tooling evolutions: the migration of Invicti to its new platform and the migration of Sonatype from on-premise to a SaaS solution. The environment is complex and international, involving many stakeholders across development, data science, security, and platform teams.

Typical Day:

• Regular touchpoints (1–2 times per week) with the AppSec Center of Excellence to guide operations, review dashboards, and handle escalations

• Supporting application owners and developers with onboarding, tooling integration questions, and complex AppSec cases
• Driving improvements in AppSec processes, metrics, and documentation
• Leading or contributing to security tooling migrations (Invicti and Sonatype SaaS)
• Collaborating with stakeholders to define roadmaps and improve secure development practices
• Providing expert input on design security reviews, code review reports, and threat modeling when required

Years of Experience:

Senior profile required – typically 8+ years of experience

Must Have:

• Strong experience in Application Security within a custom development context

• Solid understanding of AppSec tooling (e.g., Snyk, Invicti, Sonatype, Intigriti or equivalent tools)
• Experience with secure SDLC, secure coding concepts, and vulnerability management
• Ability to work at expert level without being fully hands-on daily, guiding a CoE instead
• Experience working in large/complex organizations with multiple stakeholders
• Strong communication skills in English
• Proactive and autonomous mindset

Ideal Candidate:

• A senior Application Security professional who can take ownership of tooling and processes

• Comfortable acting as a subject matter expert and advisor, not just an operator
• Proactive in identifying gaps, proposing improvements, and driving initiatives forward
• Able to engage confidently with developers, architects, platform teams, and security leadership
• Capable of quickly mastering existing tools and new functionalities to maximize value

Nice to Have:

• Prior experience with specific tools (Snyk, Invicti, Sonatype, Intigriti)

• Security certifications (AppSec, testing, or security-related)
• Familiarity with GxP concepts (not mandatory, limited impact)
• Exposure to GenAI/LLM security topics

Homeworking Policy:

Fully remote role. Europe/Brussels time zone preferred, but flexibility possible.