Senior application security analyst

Apply
Apply

Share

successfully icon

Successfully

The vacancy has been successfully added to favorites

location icon

Belgrade, Serbia

address icon

Serbia, 11070, Belgrade, Tadije Sondermajera 11

specialization icon

Application Security

lob icon

Cross Industry Solutions

date icon

09/07/2026

Req. VR-123953

Apply
Project description

We are a team of Application Security enthusiasts who have been helping create secure applications for a huge telecom provider in Europe for over 15 years.
We know how to break apps and how to make them unbreakable.

Responsibilities
bullet icon

Development of security requirements at early stages of the product life cycle.

bullet icon

Preparation of test scenarios for an audit that are based on business requirements, technical documentation for a project and a list of affected systems.

bullet icon

Identification of defects and vulnerabilities in new and existing software products using the following methods:

bullet icon

Static code analysis (mainly Java and J2EE applications, iOS and Android mobile apps) using HPE-MicroFocus Fortify SCA;

bullet icon

Dynamic code analysis and scanning for vulnerabilities using Burp Suite and OWASP ZAP;

bullet icon

Manual penetration tests on software products deployed on a test environment.

bullet icon

Development of recommendations for software developers for addressing the security flaws identified.

bullet icon

Optimization and automation of the audit process.

bullet icon

Configuration (creation of new rules) of SAST and DAST tools.

Skills

Must have

bullet icon

Understanding of architecture and working principles of modern web applications.

bullet icon

English level: Upper

bullet icon

Intermediate.

bullet icon

Higher education in IT or math

bullet icon

Strong knowledge of basic concepts of information security.

bullet icon

Strong knowledge of defect types (CWE/SANS Top 25 Most Dangerous Software Errors), vulnerabilities and information security risks in web and mobile applications (OWASP Top 10), as well as ways of detecting and mitigating them.

bullet icon

More than 2 years of working experience as Application Security Engineer or on a similar position (Penetration testing, etc.).

bullet icon

Strong knowledge of programming languages (Java) and scripting languages (Python, powershell, bash).

Nice to have

bullet icon

Relevant information security certifications: OSCP, CEH, OSWE.

bullet icon

Knowledge of/experience with international information security standards and personal data protection standards: ISO 27XXX, PCI DSS, GDPR, etc.

bullet icon

Knowledge of/experience with information security standards and frameworks: SAML, OAuth, WS-Security, X.509, SAML, JAAS, SSL/TLS, OpenSSO, OpenIAM, etc.

bullet icon

Experience in CTF or bug bounty programs.

bullet icon

Experience in web or mobile apps development.

Other
seniority icon

Languages

English: B2 Upper Intermediate

seniority icon

Seniority

Regular

Belgrade, Serbia

Req. VR-123953

Serbia, 11070, Belgrade, Tadije Sondermajera 11

Application Security

Cross Industry Solutions

09/07/2026

Req. VR-123953

Apply for Senior application security analyst in Belgrade

*Indicates a required field

Under the terms of your specific consent or to perform our obligations under a contract with you, as applicable, we, Luxoft Holding Inc. will manually and electronically process your personal data, specifically your first name, last name, phone number, e-mail address and other data you provide us through this form.


Within this context, we process personal data only for the specific purpose(s) indicated in the individual consent language or other notices provided below.


We will – insofar as reasonably necessary for the purpose you have agreed to and within the scope of applicable laws – transfer your personal data to other entities within the Luxoft Group and to the group of third party recipients listed in our Privacy Notice. Such Recipients can be located outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). The Third Countries concerned, e.g. the USA, may not have the level of data protection that you enjoy e.g. under the GDPR. This can result in disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have limited legal remedies against this. Insofar our transfer of your personal data to recipients in Third Countries is not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection as further detailed out in our Privacy Notice.


With your consent, we personalise marketing communications to you by way of carrying out marketing research analysis, analysing the surfing-behaviour of our website visitors and to adjust it to their detected tendencies, as well as to plan more efficient future marketing activities. This personalised marketing does not include any automated decision-making activities.


Further information on how we process personal data in general is available in our Privacy Notice. You may withdraw any given consent at any time. The withdrawal of your consent(s) will not affect the lawfulness of processing before its withdrawal. For any request in this context, please e-mail us at: DPO@luxoft.com.


Before uploading CV or any other information to this website, to learn more about your obligations and restrictions arising from the use of this website, please read our Terms of Use.