Submitting more applications increases your chances of landing a job.

Here’s how busy the average job seeker was last month:

Opportunities viewed

Applications submitted

Keep exploring and applying to maximize your chances!

Looking for employers with a proven track record of hiring women?

Click here to explore opportunities now!
We Value Your Feedback

You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for

Would You Be Likely to Participate?

If selected, we will contact you via email with further instructions and details about your participation.

You will receive a $7 payout for answering the survey.


User unblocked successfully
https://bayt.page.link/QbbQz3Td1NViMRft9
Back to the job results

Senior Application Security Specialist

30+ days ago 2026/11/05
Other Business Support Services
Create a job alert for similar positions
Job alert turned off. You won’t receive updates for this search anymore.

Job description

ABOUT YOU

We are looking for a senior application security specialist to join a growing security team at Xsolla. This is a hands-on role where you will own security initiatives end-to-end - identifying, assessing, and driving remediation of security vulnerabilities across our products and infrastructure.
You will lead day-to-day AppSec work - deep code reviews, vulnerability triage, threat modeling, and security testing - and set the standards for how this work is done. You are rigorous, pragmatic, and able to balance security risk against business velocity in a payment platform operating at scale.


You will also mentor junior specialists and help raise the security bar across engineering teams.



ABOUT US
Xsolla is a global commerce company with robust tools and services to help developers solve the inherent challenges of the video game industry. From indie to AAA, companies partner with Xsolla to help them fund, distribute, market, and monetize their games. Grounded in the belief in the future of video games, Xsolla is resolute in the mission to bring opportunities together, and continually make new resources available to creators. Headquartered and incorporated in Los Angeles, California, Xsolla operates as the merchant of record and has helped over 1,500+ game developers to reach more players and grow their businesses around the world. With more paths to profits and ways to win, developers have all the things needed to enjoy the game.
For more information, visit xsolla.com.


Responsibilities


  • Own Vulnerability Management - Lead triage of bug bounty reports and scanner findings. Set severity standards, drive escalation policy, and ensure remediation SLAs are met across teams.


  • Lead Security Assessments - Plan and conduct in-depth security assessments and penetration tests of web applications, APIs, and services. Define assessment scope and methodology.


  • Drive Threat Modeling - Facilitate threat modeling sessions with engineering teams. Identify trust boundaries, data flows, and attack surfaces early in the design phase, and embed the practice into the SDLC.


  • Own AppSec Tooling Strategy - Select, operate, and tune SAST, DAST, SCA, and secrets-scanning tooling. Design noise-reduction and auto-triage workflows; integrate security gates into CI/CD.


  • Lead Secure Code Reviews - Perform security-focused code reviews across PHP, Python, and Go codebases. Define secure coding guidelines and review checklists for engineering teams.


  • Mentor and Educate - Coach junior security specialists, run internal security training, and champion security awareness among developers.


  • Write Clear Security Documentation - Document findings, reproduction steps, and remediation guidance in a way engineering teams can act on. Set the documentation standard for the team.



What You Bring


    • 4+ years in application security or a closely related security engineering role, with demonstrable ownership of AppSec programs or major initiatives.


    • Deep Web Security Expertise - Expert-level understanding of vulnerability classes (OWASP Top 10 and well beyond: SSRF, deserialization, request smuggling, OAuth/OIDC flaws, business logic abuse). You understand root causes, exploitation chains, and realistic impact in production systems.


    • Offensive Testing Proficiency - Extensive hands-on experience with Burp Suite and manual testing methodology. You can find vulnerabilities that scanners miss and chain low-severity issues into meaningful impact.


    • Code Fluency - Comfortable reading and auditing code in at least one of: PHP, Python, Go, JavaScript. Able to trace data flows across services and spot vulnerable patterns without runtime access.


    • Secure SDLC Experience - Practical experience embedding security into development workflows: security requirements, design review, CI/CD security gates, and developer enablement.


    • Risk Communication - You can calculate and defend real severity, push back on inflated findings, and explain risk to both engineers and leadership in their own language.


    • Analytical Thinking - You reason through problems methodically and can explain not just what a vulnerability is, but why it exists, how it is exploited, and what fixing it actually requires.


    • Ownership and Follow-Through - You drive findings to resolution across team boundaries without being asked.




Nice to Have


    • Track record in bug bounty programs (accepted reports on major platforms) or notable CTF results;


    • Strong automation skills - Python or Go for building internal security tooling;


    • Experience securing cloud-native environments - GCP preferred; Kubernetes security a plus;


    • Advanced certifications - OSWE, OSCP, BSCP, or GWAPT;


    • Experience in payments, fintech, or other regulated environments (PCI DSS familiarity);


    • CVE credits, public security research, or conference talks.




This job post has been translated by AI and may contain minor differences or errors.
You’ve reached the maximum limit of 15 job alerts. To create a new alert, please delete an existing one first.
Job alert created for this search. You’ll receive updates when new jobs match.
Are you sure you want to unapply?

You'll no longer be considered for this role and your application will be removed from the employer's inbox.