Senior Application Security Engineer

As an Application Security Engineer at Brightflag, you will play an integral role in the success of our engineering team and help ensure that features are delivered securely. We have a number of high-profile customers across Europe, the US, and Australia, and we are growing quickly. Our engineers take ownership of their work, solve complex problems creatively, and contribute to building exceptional products. We build products using an Agile, process-driven methodology. As a subject matter expert, you will work with the Product & Engineering teams to embed security in requirements, technical designs, and implementation to ensure alignment with our InfoSec and Engineering security standards. What You Will Be Doing Drive our Secure By Design approach: embed security into the SDLC by reviewing requirements with security impact, assessing technical designs, and performing secure code reviews. Conduct penetration testing on application features for vulnerabilities, including OWASP Top 10 issues and emerging threats, and work with engineering to remediate findings. Improve DevOps security by integrating static analysis (SAST), dependency scanning, dynamic testing (DAST), and security automation into CI/CD, ensuring security across our tech stack (includes Java, Spring, MySQL, Elastic, AWS). Develop and deliver security training and mentoring to software engineers, ensuring security knowledge is shared across teams. Secure the integration of AI/ML-based features by applying security best practices to data-driven applications and mitigating risks unique to LLMs and data pipelines. Collaborate with our DevOps and AWS infrastructure security team, supporting testing and scanning of vulnerabilities in the application tech stack. Support and guide the external penetration testing process, ensuring findings translate into actionable security improvements.

Hello, We're Brightflag - one of the fastest-growing tech startups in the legal world - we're on a mission to transform legal operations. Our patented AI-powered software combined with a best-in-class Customer Success team empowers corporate legal teams to do better, no matter the starting point. Our SaaS platform was the first to apply artificial intelligence and machine learning to legal operations management and has invested more than 100,000+ hours in its development. Using Brightflag, corporate legal teams achieve visibility into their operations, streamline internal workflows, and engage with outside counsel more efficiently.