Application Security Engineer (Dubai-based role | up to 35,000 AED/month) Full Time

We’re hiring an Application Security Engineer to help a high-growth product team build security into the way software is designed, shipped, and scaled without slowing delivery down.

This is a hands-on, engineering-first AppSec role. You’ll own secure SDLC practices end-to-end, embed security tooling into CI/CD, lead threat modelling and design reviews, and partner closely with developers, product, cloud and infrastructure teams to reduce real risk in real systems.

If you enjoy being the person who makes security practical (not theoretical), and you can translate “security requirements” into clear engineering actions, you’ll do well here.

What you’ll be doing

• Own and evolve the Secure SDLC: security requirements early, clear checkpoints, measurable gates, predictable delivery
• Run and improve AppSec tooling: SAST, SCA, DAST; integrate into CI/CD with risk-based thresholds and sensible build policies
• Reduce noise and increase signal: tune rules to cut false positives while keeping strong coverage on high-impact issues
• Drive dependency & supply chain security: approved components, vulnerability response, upgrade/mitigation coordination
• Lead threat modelling for new services and major changes: map data flows, trust boundaries, threats, and countermeasures
• Perform security design reviews across authentication, authorization, session management, input/output handling, tenant isolation
• Strengthen API and web security standards: identity patterns, token usage, rate limiting, schema validation, runtime protections
• Coordinate penetration tests and focused assessments; track remediation end-to-end and verify fixes
• Enable developers: secure coding guidelines, practical workshops, and a security champions-style community
• Define metrics and reporting: secure SDLC adoption, issue trends, tool coverage, remediation throughput, and risk posture

What we’re looking for

• Solid experience in Application Security / Product Security with close day-to-day work alongside engineering teams
• Strong understanding of web and API security (mobile exposure is a plus)
• Hands-on experience with secure SDLC, automated security testing, dependency management, and remediation workflows
• Comfortable reading and reasoning about code in at least one modern language and giving actionable guidance
• Experience running threat modelling, design reviews, and application security testing
• Clear communicator who can keep security practical and delivery-friendly

Package

• Up to 35,000 AED per month (depending on experience)

If you’re the kind of AppSec engineer who can build repeatable security practices, earn trust with developers, and raise the security bar without adding bureaucracy