Provido Global
Application Security Manager
Job description
About Kairostek
At Kairostek, we believe great technology starts with great people.
We foster a culture of innovation, collaboration, and continuous growth, empowering our team to make a meaningful impact while building solutions that shape the future. Our teams work across software engineering, artificial intelligence, cloud infrastructure, cybersecurity, digital products, payments technology, and technology operations to deliver scalable and innovative solutions for global organizations.
If you are passionate about technology, problem-solving, and continuous learning, we would love to hear from you.
About the Role
The Application Security Engineer is responsible for embedding security across the software development lifecycle, conducting threat modeling, secure code review, and vulnerability assessments to protect enterprise and player-facing applications. This role is well suited to experienced security professionals with strong knowledge of secure coding practices, web, mobile, and API security, and modern DevSecOps tooling. The engineer partners with development teams to identify and remediate vulnerabilities, integrate security testing into CI/CD pipelines, and champion secure-by-design principles. The role is based on-site in Limassol and is designed for candidates who can collaborate effectively with global engineering, product, and operations teams.
Key Responsibilities
Perform security assessments of web, mobile, and API-based applications, including manual testing and automated scanning.
· Conduct threat modeling and secure design reviews during application architecture and design phases.
· Review source code (manually and with SAST tooling) to identify and remediate vulnerabilities such as injection, broken authentication, insecure deserialization, and business logic flaws.
· Integrate and tune SAST, DAST, SCA, and IAST tools within CI/CD pipelines to shift security left.
· Partner with development teams to triage findings, prioritize remediation, and provide secure-coding guidance and training.
· Track and report on application security metrics, vulnerability trends, and remediation SLAs to engineering leadership.
· Support incident investigations involving application-layer issues and contribute to root-cause analysis and preventive controls.
· Maintain awareness of OWASP Top 10, CWE/SANS Top 25, and emerging threats relevant to gaming, fintech, and digital services.
Qualifications & Experience
· Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, or a related discipline.
· 3-5 years of experience in application security, secure software development, or penetration testing.
· Strong understanding of web application security, OWASP Top 10, and secure coding practices in languages such as Java, C#, Python, JavaScript/TypeScript, or Go.
· Hands-on experience with SAST, DAST, and SCA tools (e.g., Checkmarx, Veracode, Burp Suite, SonarQube, Snyk).
· Experience integrating security testing into CI/CD pipelines (Jenkins, GitLab CI, GitHub Actions, or Azure DevOps).
· Experience securing applications in the gaming industry, including familiarity with anti-cheat, in-game economy abuse, account takeover, fraud, and platform-specific risks across PC, mobile, and console environments.
· Strong analytical, communication, and documentation skills, with the ability to work effectively alongside engineering and product teams.
· Working proficiency in English to support multinational teams and stakeholders.
· Availability to work on-site in Limassol, Cyprus.
Preferred
· Professional certifications such as OSCP, OSWE, GWAPT, CSSLP, CISSP, or equivalent.
· Experience with cloud-native application security across AWS, Azure, or GCP, and with container and Kubernetes security.
· Familiarity with mobile application security (iOS, Android) and reverse engineering techniques.
· Contributions to bug bounty programs, CTF competitions, or open-source security tooling.
· Knowledge of regulatory and compliance frameworks relevant to gaming and digital services, such as PCI-DSS, GDPR, and ISO 27001.
· Experience with API security, GraphQL, microservices, and event-driven architectures.
· Exposure to game engines and platforms (e.g., Unity, Unreal) and an understanding of common gaming-specific threat vectors.
What We Offer
Competitive compensation package.
Flexible and remote-friendly work environment.
Professional growth and development opportunities.
Exposure to international projects and teams.
Collaborative and inclusive company culture.
Opportunity to work with modern technologies and innovative solutions.
Equal Opportunity Employer
Kairostek is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We welcome applications from qualified candidates regardless of race, ethnicity, gender, age, disability, religion, sexual orientation, or background.


