Application Security Engineer EMEA F - M - D H/F - 75

Founded in 2020, Flowdesk is a regulated, full-service digital asset trading and technology firm that specializes in market making, OTC, and treasury management services.

With offices globally, we have engineered a trading infrastructure that integrates more than 120 centralized and decentralized exchanges. Combining proprietary technology with significant experience from traditional markets and algorithmic trading, Flowdesk brings control and transparency to digital asset markets.Flowdesk's mission is to build a global financial institution for digital assets, one designed from the ground up for market integrity and efficiency.

To achieve this in a rapidly evolving market, we apply a disciplined, first-principles approach to everything we do. This approach is embedded in our core services, from institutional liquidity provision, trading solutions, OTC execution to our comprehensive treasury management offerings. This is how we cut through the noise and build robust and scalable systems across all our business lines.

Therefore, we seek individuals who are driven by this systematic approach. Joining Flowdesk means you will be a key contributor in building and scaling a more transparent and efficient financial markets infrastructure.

As an Application Security Engineer at Flowdesk, you will drive security improvements for our software development lifecycle by integrating automated security testing, supporting development teams, and manually testing critical systems.

Your daily mission will be to

- Integrate, configure, and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitLab CI, GitHub Actions, Jenkins) to enable rapid developer feedback.
- Be the security subject-matter expert for development teams: conduct threat modeling, security design reviews, and provide hands-on mitigation recommendations.
- Execute manual penetration testing on web apps, APIs, mobile apps, and cloud infrastructure, uncovering vulnerabilities not detectable by automated tools.
- Triage, validate, and prioritize vulnerabilities; work with developers to ensure timely resolution.
- Participate in and review the security of blockchain applications and smart contracts, identifying vulnerabilities such as re-entrancies, integer overflows, and improper logic.
- Contribute to a wide range of cybersecurity initiatives beyond AppSec, assisting with projects in vulnerability management, cloud security, data protection, and governance, risk & compliance to strengthen our overall security posture