AppSec Engineer
CoinsPaid is a leading crypto payment ecosystem offering services for businesses and individuals. They provide a secure and reliable platform for accepting, storing, and exchanging over 50 cryptocurrencies, facilitating seamless integration for online businesses to tap into the crypto market.
About CoinsPaid
CoinsPaid provides a comprehensive suite of crypto payment solutions designed for various online businesses, including iGaming, e-commerce, and subscription services. Their ecosystem includes a business wallet for managing crypto assets, a payment gateway for processing transactions, and an OTC desk for large-volume exchanges. For individuals, CoinsPaid offers a personal wallet for everyday crypto use. The platform emphasizes security, holding an EU license and undergoing regular security audits, and aims to bridge the gap between traditional finance and the digital currency world. Their services are designed to help businesses expand their customer base, reduce costs, and mitigate the risks associated with crypto volatility.
Skills
About the Role
You will support and continuously improve the vulnerability management process, working closely with engineering teams to keep the company's security posture strong. You'll triage vulnerabilities, assess risk, prioritize issues, and track remediation efforts across applications, infrastructure, containers, and cloud environments. You'll analyze findings from multiple security tools, cut through noise with effective prioritization, and keep stakeholders informed through clear reporting and metrics on SLAs. You'll take part in threat modeling for new systems and significant architectural changes, conduct security risk assessments, and turn findings into actionable recommendations. You'll help define application security requirements alongside engineering teams and support secure SDLC initiatives, embedding security into everyday development workflows. You'll also guide developers and DevOps engineers on vulnerability remediation and secure design practices.
Requirements
- 4+ years of experience in Application Security, Product Security, Vulnerability Management, or a related security discipline
- Hands-on experience managing and prioritizing vulnerabilities across applications, infrastructure, containers, and cloud environments
- Strong understanding of OWASP Top 10, CWE, CVSS, EPSS, MITRE ATT&CK, and risk-based vulnerability management approaches
- Experience with security testing technologies such as SAST, DAST, SCA, Container Security, and Cloud Security tools
- Experience conducting threat modeling and security risk assessments
- Understanding of modern software development practices and CI/CD pipelines
- Familiarity with Kubernetes and cloud platforms (AWS, GCP, or Azure)
- Ability to analyze security findings and make risk-based remediation recommendations
- Strong stakeholder management and communication skills
Responsibilities
- Support and continuously improve the company's Vulnerability Management process
- Perform vulnerability triage, risk assessment, prioritization, and remediation tracking
- Work with engineering teams to ensure timely remediation of identified vulnerabilities
- Analyze findings from multiple security tools and sources and reduce noise through effective prioritization
- Monitor vulnerability remediation SLAs and provide visibility into security posture through reporting and metrics
- Participate in threat modeling activities for new systems, services, and significant architectural changes
- Conduct security risk assessments and provide actionable recommendations
- Define and maintain application security requirements in collaboration with engineering teams
- Support Secure SDLC initiatives and help integrate security practices into development workflows
- Provide guidance to developers and DevOps engineers on vulnerability remediation and secure design practices
Benefits
- Benefit Bar – up to €230/month flexible monthly budget for sports, mental health, coworking, home office, or medical-related expenses
- Fully remote work from almost anywhere
- Optional offices and relocation support
- Flexible, async-friendly environment
- Budget for courses, certifications, and professional development
- Language learning support
- Cross-team learning and knowledge sharing
- Medical insurance or reimbursement depending on location
- Access to mental health support
- Financial support for important life events
- Merch shop with rewards system
- Team offsites and company events
