Application Security Engineer (AppSec) (H/F)

We are looking for an Application Security Engineer to join an international Cybersecurity Competency Center, contributing to the security of a large portfolio of business-critical applications. This opportunity is ideal for professionals passionate about Application Security, Secure SDLC, Vulnerability Management, and DevSecOps, who want to develop their expertise in a highly collaborative and international environment. Location: Porto, Portugal Work Model: Hybrid (2–3 days per week onsite) About the Role As an Application Security Engineer, you will play a key role in improving application security across multiple development teams by supporting vulnerability management processes, secure development practices, and the integration of security controls throughout the Software Development Life Cycle (SDLC). You will work closely with developers, architects, and cybersecurity specialists to identify, assess, and mitigate security risks while promoting secure coding and application security best practices. Key Responsibilities Application Security & Vulnerability Management Perform and support application security assessments using SAST, DAST, SCA, and Software Composition Analysis tools Analyze, assess, and qualify vulnerabilities identified through multiple security sources Monitor remediation plans and ensure compliance with remediation deadlines Contribute to vulnerability management processes and reporting activities Support the deployment and adoption of application security tooling Secure SDLC & DevSecOps Participate in the implementation and continuous improvement of Secure SDLC processes Collaborate with development teams to integrate security throughout the development lifecycle Support the implementation of security controls and security-by-design principles Contribute to measuring and reporting application security performance indicators Security Awareness & Community Support Promote secure coding practices and application security awareness Participate in AppSec community activities and knowledge-sharing initiatives Support developers in understanding and mitigating application security risks Contribute to security best practices documentation and training materials Mandatory Requirements Minimum 2 years of experience in Cyber Security, Information Security, Application Security, or IT Risk Knowledge of Application Security principles and secure coding practices Strong understanding of OWASP Top 10 vulnerabilities and mitigation techniques Experience with SAST, DAST, and SCA methodologies Experience with vulnerability management processes Understanding of Secure Software Development Life Cycle (SDLC) concepts Professional English communication skills Technical Skills Application Security Secure SDLC Vulnerability Management OWASP Top 10 SAST DAST SCA Security Testing

The ideal candidate has strong experience in Application Security, including vulnerability management, Secure SDLC practices, and security testing methodologies such as SAST, DAST, and SCA. They possess a solid understanding of OWASP Top 10, secure coding principles, and modern application architectures, and are comfortable working closely with development teams to promote security best practices and drive remediation efforts. Strong communication skills and fluency in both English and French are essential to collaborate effectively in an international environment.

act digital is a global digital transformation consulting group. We have more than 5.000 employees worldwide, with offices in Brazil, the United States, Canada, France, Portugal, Germany, Poland, Spain, Belgium, Luxembourg, Morocco and Serbia. We support the world's largest groups across the entire digital product development lifecycle: from digital design to growth and scaling strategies, through software engineering, architecture definition, data engineering and data science solutions. We focus on accelerating the digital transformation of global leaders in their industry. Our group has experienced annual growth of more than 30% for 10 years.