Application Security Engineer

As has grown with incredible speed, our teams created a lot of microservices. This was a trigger for the creation of the Platform team which then gained some control over those. As the number of services grew, even more, we naturally split into separate squads, one of them being focused on Application Security.

    What you can actually work on?

  • SDL – to help teams with security decisions and to prevent them from introducing new security flaws without introducing friction.
  • Bug Bounty Program – triaging vulnerabilities from the world’s best hackers on our (currently private) HackerOne program.
  • Cloud Security – cooperating with our infrastructure squad to secure our Kubernetes and Google Cloud Services with new shiny tools like IAP, Istio or Vault.
  • Best Practices – creating secure development practices and programs for our engineering teams and external developers
  • Automation – writing tools to help with the automation of tedious security tasks, e.g. helping with security checks in The Zoo or maintain services such as Security Monkey.
  • Community – building internal security awareness among developers, making internal security workshops or helping the external community by organizing and speaking on meetups
  • The Platform Team

  • We are a group of passionate developers who like to do stuff the right way.
  • We are happy to write open-source code that gives back to the community.
  • In the AppSec squad, we mostly spend our free time playing games, playing CTFs or hacking other companies as bug bounty hunters.
  • What we would like to see?

  • Curiosity
  • CTF or bug bounty experience
  • Background in software engineering
  • Open source projects or public speaking engagements
  • Experience with manual secure code review in JavaScript, Python, Go, Kotlin or Swift
  • Experience with GCP, Docker, Kubernetes, Istio or microservices
  • Some experience with GitLab CI, DAST, SAST, Burp Suite, dependency or container scanning tools
  • Awareness of serverless or GraphQL
  • What we need from you?

  • Some knowledge of Python or Go
  • Be comfortable with Linux
  • Understanding of common web security flaws like XSS or SSRF
  • Willingness to learn and experiment
  • Be able to read this job listing without Google Translate
  • Why it rocks to be at

  • Challenging SDL, as we deploy immediately after a job is completed, not after months of QA.
  • Do, fail, learn — repeat! We understand that mistakes happen and we learn fast.
  • We decide which cutting-edge technologies are appropriate for the task. This includes Identity Aware Proxy, Istio, Vault or GitLab Ultimate
  • We love contributing to Open Source
  • We share our practices by writing articles to and speaking at conferences and technological events worldwide. For example Our Comprehensive Guide to Python Dependencies
  • We code at hackathons and hack at CTF competitions
  • We support the local technological community and support the organization of OWASP meetups.
  • We use our work time wisely with a friendly vacation policy and work schedule.
  • We also like to party and hang out together.
  • Dogs, kids, and parties are welcome in our offices.
  • Besides a fair salary, we can also look forward to quarterly bonuses dependent on our performance
  • We work, play, relax, workout and even nap in our offices (complete with sauna, gym, masseur, sleeping rooms, canteen, chillout zones, free refreshments, etc.)
  • We also enjoy standard benefits, such as Sodexo Gastropass for meals and Flexipass for hobbies, sick days, VIP Medical Care, flight vouchers, and a multisport card
  • Thanks for reading this far! That probably means you’re really excited about this position, we like that!
  • Are you tired of doing security the old way? You have good ideas, but you are not able to bring them to reality in your current company? Would you like to work with cutting edge technologies and you would like to play with it more on company wide level? If answer to any of those question is yes, don’t hesitate and apply today!
We offer you
•We give our employees the freedom to choose between the environment of work from home and our office in Prague, situated in the heart of the Karlin district with an in-house gym, sleeping spots, canteen, showers, chillout zones, and free refreshments.
•We enjoy benefits, such as meal vouchers, 25 days of paid vacation, Cafeteria, sick days, VIP Medical Care, Multisport card, Makro Cash & Carry Card, Employee Assistance Program, and career development framework.
•The latest version of Hardware from Apple or Microsoft based on your preferences. 
•Unlimited contracts within a forward-thinking and ambitious company.
•Relocation package (including visa transfer support).
•We’re rewarding Kiwis with flight vouchers to celebrate their Kiwi anniversaries. 
•Grow.Kiwi program which supports parents and keeps them engaged with the company. 
•Dogs, kids, and parties are welcome in our offices.
Interested? Join us and hack the traditional ways of travel! is proud to be an equal opportunity workplace and employer. We review applications for employment without regard to their race, colour, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, uniformed services, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Throughout the recruitment process and for some time after it’s finished, we’re going to process your Personal Data. You can find all the necessary information in our Privacy Policy available at:

kIT RecruiterKatarína Daniš

Linkedin profile

Curious about what you're getting into?

We all share the same passion, but each team has its own spirit. Find out if this one is the right fit for you.

Get to know the team


Tech community events in 2021

To meet talented people, we organize and join tech events. We talk about what we do and how we do it, and we connect with others. Visit to see where you can find us.



a job alert

Drop us a resume