كلما زادت طلبات التقديم التي ترسلينها، زادت فرصك في الحصول على وظيفة!
إليك لمحة عن معدل نشاط الباحثات عن عمل خلال الشهر الماضي:
عدد الفرص التي تم تصفحها
عدد الطلبات التي تم تقديمها
استمري في التصفح والتقديم لزيادة فرصك في الحصول على وظيفة!
هل تبحثين عن جهات توظيف لها سجل مثبت في دعم وتمكين النساء؟
اضغطي هنا لاكتشاف الفرص المتاحة الآن!ندعوكِ للمشاركة في استطلاع مصمّم لمساعدة الباحثين على فهم أفضل الطرق لربط الباحثات عن عمل بالوظائف التي يبحثن عنها.
هل ترغبين في المشاركة؟
في حال تم اختياركِ، سنتواصل معكِ عبر البريد الإلكتروني لتزويدكِ بالتفاصيل والتعليمات الخاصة بالمشاركة.
ستحصلين على مبلغ 7 دولارات مقابل إجابتك على الاستطلاع.
We are looking for a senior application security specialist to join a growing security team at Xsolla. This is a hands-on role where you will own security initiatives end-to-end - identifying, assessing, and driving remediation of security vulnerabilities across our products and infrastructure.
You will lead day-to-day AppSec work - deep code reviews, vulnerability triage, threat modeling, and security testing - and set the standards for how this work is done. You are rigorous, pragmatic, and able to balance security risk against business velocity in a payment platform operating at scale.
You will also mentor junior specialists and help raise the security bar across engineering teams.
Responsibilities
Own Vulnerability Management - Lead triage of bug bounty reports and scanner findings. Set severity standards, drive escalation policy, and ensure remediation SLAs are met across teams.
Lead Security Assessments - Plan and conduct in-depth security assessments and penetration tests of web applications, APIs, and services. Define assessment scope and methodology.
Drive Threat Modeling - Facilitate threat modeling sessions with engineering teams. Identify trust boundaries, data flows, and attack surfaces early in the design phase, and embed the practice into the SDLC.
Own AppSec Tooling Strategy - Select, operate, and tune SAST, DAST, SCA, and secrets-scanning tooling. Design noise-reduction and auto-triage workflows; integrate security gates into CI/CD.
Lead Secure Code Reviews - Perform security-focused code reviews across PHP, Python, and Go codebases. Define secure coding guidelines and review checklists for engineering teams.
Mentor and Educate - Coach junior security specialists, run internal security training, and champion security awareness among developers.
Write Clear Security Documentation - Document findings, reproduction steps, and remediation guidance in a way engineering teams can act on. Set the documentation standard for the team.
What You Bring
4+ years in application security or a closely related security engineering role, with demonstrable ownership of AppSec programs or major initiatives.
Deep Web Security Expertise - Expert-level understanding of vulnerability classes (OWASP Top 10 and well beyond: SSRF, deserialization, request smuggling, OAuth/OIDC flaws, business logic abuse). You understand root causes, exploitation chains, and realistic impact in production systems.
Offensive Testing Proficiency - Extensive hands-on experience with Burp Suite and manual testing methodology. You can find vulnerabilities that scanners miss and chain low-severity issues into meaningful impact.
Code Fluency - Comfortable reading and auditing code in at least one of: PHP, Python, Go, JavaScript. Able to trace data flows across services and spot vulnerable patterns without runtime access.
Secure SDLC Experience - Practical experience embedding security into development workflows: security requirements, design review, CI/CD security gates, and developer enablement.
Risk Communication - You can calculate and defend real severity, push back on inflated findings, and explain risk to both engineers and leadership in their own language.
Analytical Thinking - You reason through problems methodically and can explain not just what a vulnerability is, but why it exists, how it is exploited, and what fixing it actually requires.
Ownership and Follow-Through - You drive findings to resolution across team boundaries without being asked.
Nice to Have
Track record in bug bounty programs (accepted reports on major platforms) or notable CTF results;
Strong automation skills - Python or Go for building internal security tooling;
Experience securing cloud-native environments - GCP preferred; Kubernetes security a plus;
Advanced certifications - OSWE, OSCP, BSCP, or GWAPT;
Experience in payments, fintech, or other regulated environments (PCI DSS familiarity);
CVE credits, public security research, or conference talks.
لن يتم النظر في طلبك لهذة الوظيفة، وسيتم إزالته من البريد الوارد الخاص بصاحب العمل.