Application Security Engineer

TYPE OF WORK

Full Time

SALARY

TBD

HOURS PER WEEK

40

DATE POSTED

Feb 26, 2025

JOB OVERVIEW

-- DIRECT HIRE
-- FULLY REMOTE (PHILIPPINES)

About Aphex
At Aphex, we're on a mission to make it easier for construction teams to get on the same page with a live, multiplayer planning platform. Instead of juggling spreadsheets, whiteboards, and outdated systems, we build tools that allow anyone on a project to plan and communicate their work.

Our customers are the largest construction contractors responsible for the tunnels, roads, bridges, and buildings we use daily. Our users are the engineers managing and planning these incredible projects.

We've already made an impact since launching our V1 in the UK in 2019 and entering the Australian market in 2022; we've become the leading solution in both markets. With a strong product-market fit in these markets, we're looking to continue to scale our product team, and we're looking for people who are energised by the idea of improving an industry that contributes to around 13% of global GDP.


The Role
We're looking for a Mid / Senior level Application Security Engineer to strengthen our security posture and help build robust, secure systems that our customers can trust. You'll work across our entire technology stack to implement security best practices, conduct security assessments, and build security automation tools.


What You'll Do
- Lead application security initiatives across our platform
- Implement and maintain security standards based on OWASP Top 10 and SANS Top 25
- Conduct secure code reviews across multiple languages (Python, TypeScript, Go, Kotlin, Flutter)
- Design and implement security automation in our CI/CD pipeline using GitHub Actions and Cloud Build
- Perform threat modelling using STRIDE methodology
- Manage containerisation security with Docker
- Participate in penetration testing across web, mobile, and cloud platforms
- Implement and maintain security tooling (SAST, DAST, SCA)
- Design and maintain secure network architecture (VPC, Firewalls)
- Participate in iUpgrade to see actual info response
- Provide security training and guidance to development teams


Required Skills & Experience:

Application Security
- Deep understanding of OWASP Top 10 and SANS Top 25
- Experience with web application security best practices

Secure Coding
- Proficiency in security code review for Python and TypeScript/JavaScript
- Experience with secure coding practices in Go
- Understanding of security patterns in Kotlin and Flutter

CI/CD Security
- Experience with GitHub Actions security integration
- Knowledge of secure cloud build practices

Cloud & Infrastructure
- Experience with GCP security features
- Knowledge of Infrastructure as Code security (Terraform)
- Understanding of containerisation security (Docker)

Threat Modelling
- Experience with STRIDE methodology
- Ability to create and maintain threat models

Security Testing
- Proficiency in web and mobile penetration testing
- Experience with cloud security testing

Security Tooling
- Experience with SAST, DAST, and SCA tools
- Knowledge of vulnerability management systems

Networking
- Strong understanding of VPC architecture
- Experience with firewall configuration and management

Preferred Qualifications
- OSCP, OSWA, OSWE, or equivalent security certifications
- Experience with iUpgrade to see actual info response
- Cloud security certifications
- Experience securing construction or engineering software


Our Values in Action

Win Together
Security is a team sport. You'll work closely with development teams to build security into our processes from the ground up, sharing knowledge and fostering a security-first mindset across the organisation.

Make Ourselves Proud
We take pride in building secure, reliable systems that our customers can trust with their most sensitive data. You'll help establish and maintain the highest security standards in everything we do.

Take Ownership
You'll have the autonomy to shape our security strategy and the responsibility to ensure its successful implementation. We're looking for someone who proactively identifies security challenges and drives solutions.

Build for Tomorrow
Security threats evolve constantly. You'll help build sustainable security practices that can adapt to new challenges and scale with our growth.



Growth and Development

Here's a real example of career progression at Aphex:
"Jec joined us as a Full Stack Developer four years ago. He leads our Application Pod today, having grown through various technical and leadership roles. His journey included leading critical projects, mentoring junior developers, and helping shape our technical architecture. We support similar growth paths for all our teaUpgrade to see actual infombers through structured mentorship, learning opportunities, and increasing responsibilities."



Benefits
- A high-performing team: Be part of and contribute to a genuinely collaborative and motivated team.
- Flexibility: Remote-first working.
- Genuine development: Ongoing training, learning, and coaching to improve daily, with regular team events and knowledge-sharing sessions.
- Focus on culture: At Aphex, we are serious about making a real impact together and strive to walk the talk every day.


How to apply?
PLEASE SEND UPDATED 'RESUME' at Upgrade to see actual info
