JobHunter AI
Application Security Engineer
PandaDoc
Location
Germany
Work Mode
Remote
Type
Internship
Sector
Ngo
First Seen
2026-07-14
Source
himalayas
Remote Germany NGO IT ERP Data English Intermediate Deadline Unclear Remote
Job Description
<p><strong>As <a href="https://himalayas.app/companies/pandadoc">PandaDoc</a> continues to scale, we’re expanding our security team and looking for an Application Security Engineer to help shape and strengthen our security foundations. In this role, you’ll take ownership of key security initiatives across our application, working closely with engineering to embed security into every stage of development. You’ll contribute to building a proactive, automation-driven security culture while addressing both current risks and emerging challenges, including AI security.</strong></p><h3><strong>In this role, you will:</strong></h3><ul><li>Review, test, and monitor our applications to identify security weaknesses</li><li>Manage vulnerabilities from discovery through remediation, working directly with engineering teams to resolve them</li><li>Respond to infrastructure security alerts and perform hardening, including reviewing roles and permissions across services and APIs</li><li>Participate in incident response and root cause analysis</li><li>Analyze and monitor relevant security threats and prevention measures based on industry trends and standards</li><li>Partner with product, development, and infrastructure teams to embed security requirements into how they build</li><li>Integrate and operate automated security testing across the development lifecycle, including SAST, DAST, SCA, secrets detection, container, and supply chain security</li><li>Develop security automation and tooling to scale security across engineering</li><li>Drive threat modeling and secure-by-design practices across our services</li><li>Assess our overall security posture and identify risks, providing recommendations to strengthen it</li><li>Assist in addressing emergent threats in AI security as <a href="https://himalayas.app/companies/pandadoc">PandaDoc</a> deploys AI in its product and for internal use</li></ul><h3><strong>Our stack:</strong></h3><ul><li>Service-oriented architecture</li><li>Main development stacks: Java/Spring, Python/Django, JavaScript/React</li><li>Docker, Kubernetes</li><li>Amazon Web Services: EKS, RDS, S3, ElastiCache, etc.</li><li>Monitoring stack: Grafana, Loki, Tempo, Mimir</li><li>Source control &amp; CI/CD: GitHub / GitHub Actions</li><li>A combination of AWS native and 3rd party security solutions for infrastructure and application security (WAF, CNAPP, SCA/SAST, DAST, IDS/IPS, etc.)</li></ul><h3><strong>About you:</strong></h3><ul><li>3+ years of experience with application security tools such as SAST/SCA, DAST, WAF, CI/CD security, and penetration testing</li><li>2+ years of cloud security experience implementing security controls and best practices in AWS, GCP, or Microsoft Azure</li><li>Strong background in web application security, including common vulnerability classes (OWASP Top 10, CWE Top 25), attack vectors, and mitigations</li><li>Good understanding of access control and identity management principles (SAML 2.0, OAuth, OIDC, JWT, etc.)</li><l
Language Requirements
{'language': 'English', 'level': 'Intermediate'}