Application Security Engineer

Lisbon / Athens / Barcelona / Berlin / Bruxelles / Bucharest / Budapest / Dublin / Europe / Northern Europe / riga / Vienna / Warsaw / Vilnius
Engineering – Tech /
Full-time /
Remote
Our Mission
Swapcard is the leading AI-powered event platform designed to drive revenue growth and foster meaningful connections at in-person and hybrid events. We recognize the importance of teamwork in successful events; that's why Swapcard is fueled by a team of innovators who are passionate about helping organizers build future-proof events.

Our Vision
At Swapcard, we believe in the power of meaningful connections. This belief fuels our commitment to pioneering modern solutions that empower organizers to create engaging event experiences.
Guided by our commitment to excellence and collaboration, we aim to redefine the landscape of event technology, setting new standards for engagement, accessibility, and impact.

Our Beliefs
At Swapcard, diversity is at the core of our success. With 42 nationalities represented among our 180+ team members, we champion diversity as a catalyst for creativity, collaboration, and unparalleled innovation.

We believe that by embracing a multitude of backgrounds, cultures, and viewpoints, we can truly understand and cater to the needs of our global community of event organizers and participants.
Our full remote opportunities empower our team to thrive, no matter where they are in the world, fostering a culture of flexibility and inclusion.

What you'll be doing?

    • Own and manage our Bug Bounty programs: triage reports, validate findings, and reproduce PoCs.
    • Collaborate with developers and product owners to propose and support remediation of security issues.
    • Write or review pull requests to fix security vulnerabilities directly in the codebase.
    • Validate results from external pentests and integrate them into the development backlog.
    • Contribute to threat modeling, code review, and security design discussions.
    • Support the Secure Development Lifecycle (SAST, dependency scanning, security automation in CI/CD).
    • Perform lightweight pentesting of new features and releases when needed.
    • Maintain clear documentation to support AppSec processes.
    • Coordinate security communication between Security, Developers, and Product for faster resolution of security tickets.

What you should have?

    • Previous experience as a developer (any modern backend/frontend stack).
    • Hands-on security experience through bug bounty programs,  CTFs, or pentesting, and respective tools (eg. Burp Suite).
    • Solid understanding of common application vulnerabilities (OWASP Top 10, SSRF, IDOR, etc.).
    • Familiarity with SAST/DAST tools (e.g. SonarQube, Snyk).
    • Experience collaborating with developers and product teams.
    • Strong problem-solving and communication skills with a “find and fix” mindset.

Bonus Points

    • Experience creating or merging PRs for security fixes in production code.
    • Knowledge of secure coding practices in web and API development.
    • Familiarity with CI (Jenkins, GilabCI…) and DevOps tools (Terraform, Helm…).
    • Exposure to WAFs, anti-bot solutions, or related AppSec defenses.
    • Interest in contributing to security automation and developer enablement.

Swapcard’s Interview process
Our thorough interview process aims to identify exceptional talent to advance our mission while offering you a chance to explore your career potential at Swapcard.

1. Screening Interview with a recruiter from our people team.
2. A remote exercise to demonstrate and assess your skills.
3. Manager review with your future reporting manager
4. Leadership review with one of our department leaders
5. Reference check conducted by our people team
6. Offer

Swapcard's Values
🧠 Curious: We ask questions, try new things and take risks. We learn from one another and see mistakes as opportunities to grow—what matters most is how we react and learn from them. We are curious about what something is and why something is. Innovation thrives when curiosity drives.
🗝️ Value-Driven: At Swapcard, we focus on making each decision count by prioritising outcomes that create meaningful value for our customers, team members, and partners.
💚 Human: At Swapcard, being human means fostering empathy, openness, and diversity to create a caring and collaborative community. We’re driven by a strong team spirit and a shared goal of building meaningful connections—both through our product and within our team.
Resilient: We embrace challenges with optimism, creativity, and adaptability, constantly seeking innovative solutions and opportunities for growth.
👑 Ownership: At Swapcard, we take responsibility and are accountable for our actions, driving success through initiative, trust, and accountability. True ownership means more than just completing tasks; it's about being proactive, investing ourselves fully in the outcomes, and fostering a culture of trust.

Benefits & Reasons to Join Swapcard
 - International team with 40+ nationalities (more on the way!) 🌍
- Remote-first policy with headquarters in Paris 🗼
- Thriving startup with career growth opportunities 🪴
- Open-minded culture that appreciates differences 👽
- Feedback-driven, supportive & curious team with a DIY mindset 🤔 🛠
- Generous Paid Time Off to ensure you have time for what matters most ❤️🏡
- Remote perks designed to optimize your working experience 🎁
- In-person social gatherings to celebrate our achievements 🏝️
- 100% of your health insurance contribution paid by Swapcard 🏥
- Work-from-home budget (one-off contribution for equipment in addition to your initial equipment setup) 🖇️
- Co-working space budget to support remote work in professional environments 💼
- Learning budget to help you develop new and existing skills 🤓
- Mental health care initiatives to support your well-being 🧘

Equal Opportunity
Swapcard is committed to upholding equal employment practices and making merit-based employment decisions. We welcome individuals from all backgrounds, abilities, and experiences to apply, regardless of race, nationality, religion, sexual orientation, gender identity, pregnancy status, age, marital status, and status as a veteran