Application Security Engineer

Cyber security is one of the defining topics of our age, and cyber risk represents one of the most significant strategic risks to PwC’s clients. In a recent PwC survey, it remains the top risk in the minds of CEO’s globally. Businesses are changing rapidly, facing disrupted supply chains, rapidly changing workforces and accelerating digital transformation on an unprecedented scale. At PwC we help our clients transform, and our cyber security practice enables them to execute that transformation securely and to become more resilient to cyber security threats. Our cyber security practice operates nationally, and serves clients holistically with strategy, risk and governance advice, and with deep technical implementation and assurance expertise. As one of the largest cyber security specialist consulting practices in the CEE region, we have over 250 practitioners who range from business risk advisors who work with CEOs, CFOs and boards, to transformation specialists who execute major change programmes, to deep technical SMEs who help clients implement controls to secure their businesses from attack, and support them to respond when an attack occurs.

We’re looking for Application Security Engineers to help secure our clients' software products and development pipelines. The ideal candidates have a solid foundation in secure coding practices, understand common vulnerabilities, and can work closely with development and DevOps teams to integrate security throughout the SDLC.
You’ll serve as hands-on contributors, helping developers build secure code, reviewing design and implementation, and automating security testing to enable continuous delivery of secure software.

Key Responsibilities

Conduct secure code reviews, threat modeling, and application security assessments for web, mobile, and API-based applications.
Integrate and maintain security tools (e.g., SAST, DAST, SCA, container scanning) within CI/CD pipelines.
Collaborate with developers to triage, remediate, and verify vulnerabilities identified through automated tools or penetration tests.
Provide security guidance during design and code reviews, promoting secure design patterns and coding best practices.
Develop and maintain secure coding standards, playbooks, and automation scripts to streamline security testing.
Partner with the GRC and Risk teams to ensure compliance with corporate and regulatory security requirements (e.g., ISO 27001, SOC 2, OWASP, GDPR).
Support developer enablement through security training and awareness sessions.
Stay current on emerging security threats, frameworks, and technologies relevant to the software development lifecycle.

Required Qualifications
2–5 years of experience in Application Security, Secure Development, or related areas.
Strong understanding of OWASP Top 10, CWE, and SANS Top 25 vulnerabilities.
Experience with SAST/DAST/SCA tools such as Polaris (Synopsys), Checkmarx, Veracode, Fortify, SonarQube, or similar.
Familiarity with CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins, Azure DevOps).
Working knowledge of one or more programming languages such as Java, JavaScript/TypeScript, Python, C#, or Go.
Understanding of cloud platforms (AWS, GCP, or Azure) and their security models.
Ability to communicate clearly with both technical and non-technical stakeholders.

Preferred Qualifications
Bachelor's degree in computer science, Information Security, Business Information Systems, or equivalent practical experience.
Experience with container and Kubernetes security.
Hands-on experience with threat modelling and API security testing.
Familiarity with Infrastructure as Code (IaC) security (e.g., Terraform, CloudFormation).
Relevant certifications such as OSWE, GWAPT, CSSLP, CEH, or similar.

Soft Skills
Strong analytical and problem-solving skills.
Collaborative mindset and ability to influence developers and DevOps engineers.
Continuous learner who stays up to date with evolving application security trends.

What we offer:

Company training and excellent opportunities for professional and career growth
Challenging and interesting projects
Professional, positive and team-oriented working environment

Competitive salary and comprehensive employee benefit program

Central office location and remote working possibilities

Your skills and experience. Our technology and opportunities. A powerful combination. Be part of the New Equation.

Only short-listed candidates will be contacted.

"PricewaterhouseCoopers Bulgaria EOOD, or PwC Legal Bulgaria Partnership, or PricewaterhouseCoopers Audit OOD, which runs a recruitment process, with its seat and registered address in 9-11 Maria Louisa Blvd., Sofia 1301, Bulgaria („PwC” or “we”) will be the controller of your personal data submitted in your application for a job. Your personal data will be processed for the purpose of performing a recruitment process for the job offered. If you give us explicit consent, your personal data will be also processed for participation in further recruitment processes conducted by PwC and sending notifications about job offers in PwC or job related events organized or with the participation of PwC such as career fair. Full information about processing your personal data is available in our Privacy statement."