Application Security Engineer

Czechia·Praguemid

EngineeringSecurity Engineer

0 views0 saves0 applied

Apply Now

Quick Summary

Requirements Summary

- Strong hands-on knowledge of common web and API security issues, authentication and session management concepts, secrets handling, and secure coding fundamentals.

Technical Tools

EngineeringSecurity Engineer

Wrike is the most powerful work management platform. Built for teams and organizations looking to collaborate, create, and exceed every day, Wrike brings everyone and all work into a single place to remove complexity, increase productivity, and free people up to focus on their most purposeful work.

Our vision: A world where everyone is free to focus on their most purposeful work, together.

About the Role

~1 min read

We’re looking for an Application Security Engineer to help our product teams build and ship securely by default. In this role, you will work closely with engineering teams to identify risks early, strengthen secure design and coding practices, and enable teams to release features safely without creating unnecessary friction.

This is a hands-on AppSec role for someone who can independently own recurring security work across multiple teams. You should be comfortable reviewing architecture and code, validating findings, guiding remediation, and making practical recommendations that balance security, product priorities, and delivery speed.

- Own recurring Application Security activities for multiple product teams, including secure design reviews, threat modeling, code review, testing validation, and remediation guidance.

- Assess vulnerabilities and findings from scanners, testing, bug reports, and internal reviews; distinguish meaningful risk from noise and help teams focus on the most important issues.

- Validate security fixes and recommend compensating controls or practical alternatives when ideal remediation is not immediately possible.

- Improve day-to-day AppSec workflows by tuning checks, refining rules, improving triage quality, and integrating security more effectively into developer workflows and CI/CD pipelines.

- Help engineers understand security findings in practical product terms by providing clear prioritization and actionable remediation guidance.

- Contribute to secure-by-default development practices by reinforcing standards, reference patterns, and review expectations.

- Use structured AI workflows to support complex AppSec analysis, such as broader codebase review, design decomposition, review preparation, and documentation synthesis, while maintaining clear guardrails around prompt and context hygiene, human oversight, and output quality.

Requirements

~1 min read

- Strong hands-on knowledge of common web and API security issues, authentication and session management concepts, secrets handling, and secure coding fundamentals.

- Proven experience conducting secure code reviews in modern engineering environments, especially in Java, TypeScript, and PHP, with the ability to clearly explain security flaws and collaborate on effective remediation.

- Experience leading or facilitating routine threat modeling for product features or services and translating outcomes into actionable security requirements.

- Experience managing Application Security tools such as SAST, SCA, DAST, and secrets scanning solutions, as well as bug bounty platforms, with a focus on CI/CD integration, false positive reduction, and signal quality improvement.

- Working knowledge of OAuth/OIDC, service-to-service authentication, secrets management, and foundational cloud or container security concepts.

- Ability to prioritize findings based on exploitability, exposure, business impact, and remediation effort rather than relying on severity labels alone.

- Strong written and verbal communication skills, with the ability to work effectively with engineers, technical leads, and product stakeholders.

- Sound judgment when using AI-assisted workflows, treating AI as a copilot rather than an authority and validating correctness, exploitability, and business context before taking action.

- Experience building AppSec automations, improving developer workflows, or tuning security controls in CI/CD environments.

- Experience delivering practical secure coding guidance or lightweight internal security training.

- Background in privacy-sensitive systems, cloud-native services, or multi-service architectures.

- Experience supporting security for AI/ML product features, model-integrated systems, or governance of AI-assisted engineering workflows.

You will partner closely with backend, frontend, mobile, platform, QA, and product teams on a daily basis, while also collaborating with peers across security, infrastructure, and compliance. Success in this role will require building trusted relationships with engineers, communicating clearly, and translating security concerns into practical guidance that teams can adopt quickly.

This is a collaborative, hands-on role embedded in the software development lifecycle. You will work closely with product and engineering teams to integrate security into design, development, and delivery processes, helping create secure-by-default outcomes without slowing teams down.

You’ll use a combination of secure review practices, threat modeling, AppSec tooling, CI/CD integrations, and structured AI-assisted analysis to support high-quality security decisions. What makes this role especially impactful is the opportunity to influence both product security posture and developer experience at scale, helping teams move fast while building securely.

Why Join Wrike?

5 Weeks of paid vacation
Sick Leave Compensation
- 5 Paid Uncertified Sick Days
- 2 weeks fully paid w/ medical certificate, additional 4 weeks paid at 80% salary rate

Parental Leave (fully paid): 18 Weeks Maternity / 4 Week Paternity
2 Volunteer Days
Meal Vouchers (CZK 220 per working day)
Annual Prague Travel Card (Lítačka)
Hybrid Working Model
Benefit budget with flexible options, including a MultiSport card, Canadian Medical membership, contributions to a pension savings plan and additional choices available through Benefit Plus

Intro call with a Recruiter
Technical interview
Cultural interview

Your recruitment buddy will be Aleksandar Chernev, Senior Technical Recruiter.

#LI-AC1

We’re a team of innovators and creators who solve the complex work problems of today and tomorrow.

Hybrid work mode

Wrike is our people, not a place. With 1,000+ employees collaborating across nearly every time zone, we support talent through 10 global hubs — Australia, Costa Rica, Cyprus, Czechia, Estonia, France, India, Ireland, Japan, and the United States — offering flexible ways of working that include remote work, hybrid environments, and co-working spaces across many locations.

While flexibility looks different across teams and regions, employees located near certain hubs — particularly in Prague (CZ), Nicosia (CY), Bangalore (IN), and Rennes (FR) — are generally expected to collaborate in person around 2–3 days per week, balancing the flexibility of distributed work with opportunities for in-person collaboration and connection.

💡 Smart: We love what we do, and we’re great at it because this is our domain. Our combined knowledge in this space is unmatched.

💚 Dedicated: We get up every day focused on helping our customers win. We’re committed to helping our teammates win, too!

🤗 Approachable: We're friendly, easy to get along with, considerate, and helpful.

We believe in ownership at all levels of the organization, by owning workflows from start to finish. Each member of our team is an integral part of this commitment, establishing work as a platform for personal growth and transformation, as well as collective success and growth.

Check out our LinkedIn Life Page, Company culture page, Instagram, Wrike Engineering Team, Medium, Meetup.com, Youtube for a feel for what life is like at Wrike.