⭐ Who we are

Lodgify is not just any startup, we're a fast-growing company leading the vacation rental industry with our innovative software. And we raised $30M to do exactly that!

Our platform empowers property owners and managers to efficiently manage and market their rental businesses online. We are an international team of more than 350 people and over 60 different nationalities, founded in the heart of sunny Barcelona.

⭐ Role Overview

Are you experienced in SaaS product development and passionate about cybersecurity? We're seeking a skilled Application Security Engineer to enhance our Software Development Life Cycle's security, automate workflows, review code, identify vulnerabilities, and contribute to overall application security.

If you're ready to make a significant impact in a fast-paced environment, apply now to join us in safeguarding cutting-edge SaaS products!

⭐ How will you make an impact?

• Lead the Implementation of Secure Development Practices: Work on a Secure Software Development Life Cycle (SSDLC) adoption, and integrate security practices into Lodgify’s existing development methodology.
• Work with our development teams by designing/reviewing technical solutions to avoid security weaknesses.
• Identify tools and processes needed to implement an application security program.
• Implement security-focused activities such as threat modeling, secure coding practices, code reviews, and security testing throughout the development process.
• Educate and encourage developers to follow secure coding best practices.
• Manage and enhance our existing bug bounty program, taking ownership of the coordination and resolution of vulnerabilities reported by external researchers. Review and understand issues, and provide guidance to our developers on how to fix them.
• Optimise our WAF protection against common Web Application vulnerabilities and attacks (Cloudflare).
• Contribute to improving the security of our public API, providing security recommendations and solutions.

⭐ What makes you a great fit?

• 3+ years of experience in an Application Security Engineer role, preferably in a SaaS company.
• In-depth knowledge of web application security, including common vulnerabilities, attack vectors, and mitigation techniques.
• Solid knowledge of OWASP Top 10 and understanding of OWASP testing guide.
• Demonstrated experience in threat modeling and identifying security issues through code review.
• Demonstrated experience in deploying SAST and DAST solutions and verifying their results.
• Proficiency in understanding and analyzing code in different programming languages (e.g. .NET, ReactJS, Flutter, Python, Bash).
• Familiar with API security tools and processes.
• Ability to work collaboratively with cross-functional teams, including developers, QAs and DevOps engineers.
• Able to inculcate security culture among development teams.

⭐ How can you earn extra bonus points?

• Experience with WAF administration (Cloudflare).
• Familiar with code management systems, CI/CD, Kubernetes, and microservices architecture.
• Familiar with managing external penetration testing processes and results.

Why you’ll love us:

You’ll be part of a growing, dynamic company with a truly international team. At Lodgify, we are full of contagious energy, hard work, and passion for what we do. We celebrate diversity and are proud to acknowledges a variety of backgrounds, perspectives and skills in our team; committed to creating a workplace where everyone is heard and feels a sense of belonging.

What's in it for you?*

? The freedom to work from home.

?Salary in EUR!

? Great culture & working environment with an international team of over 60 different nationalities.

? Travel to our biyearly team-building events in Barcelona at company's expense.

? Boost your earning potential with our referral program that offers paid compensation.

? Dive into a career adventure with endless opportunities for growth and development.

? Spice up your remote work routine with a dash of fun! Join us for virtual team activities.

*Benefits offered may differ based on the type of contract that is issued

So, what are you waiting for? Apply now!

All applications and CVs must be submitted in English ?