Application Security Engineer

  • Copenhagen, Denmark
  • Full-time
  • Department: Product & Engineering

Company Description

We’re looking for candidates with a strong engineering background looking to take on the challenges that accompany securing an open app platform that handles hundreds of billions of transactions annually.

Tradeshift is composed of a distributed system of Javascript, Java and Scala applications built using the Spring framework and communicating via RESTful interfaces.  The platform was built to be extensible with 3rd parties as well as internal developers able to develop applications to provide value to end users. This role would be focused on identifying, preventing, and remediating security vulnerabilities in our applications throughout the development and maintenance life cycles.

We believe in an integrated approach to application security and that prevention is better than a cure.  We also believe that communication skills and the ability to help others can amplify the impact of an engineer 10x.  We take security very seriously and work very hard to include it throughout our software lifecycle from the design process all the way through how we operate the platform.

Job Description

  • Perform security-related  architecture and code design and implementation reviews

  • Automate to improve the abilities of other engineers to develop and maintain secure code

  • Find and remediate security flaws across the software stack

  • Coordinate with researchers on our bug bounty program to close exposed vulnerabilities

  • Consult across teams on secure architecture design and implementations

  • Propose, evaluate and build innovative new security features to benefit our users

  • Assist with security incident response as needed

  • Be a security evangelist across all of Tradeshift

  • Train other developers to help them build more secure products

  • Work with external pen testers to continually improve security on the platform


  • Great communication skills to help build a strong security culture

  • Deep proficiency in Java development including Groovy and Grails

  • 4+ years of development experience engineering web-facing systems

  • Expertise in conducting design reviews and remediating security issues in existing code

  • Ability to help resolve flaws and errors in an empathetic manner

  • Solid foundation in web application security including node.js applications

  • Experience with penetration testing against applications

  • Experience working with sensitive data like credit cards and other PII

  • Proficiency in implementing sandboxing solutions

  • BS (+) in Computer Science or a related technical field/equivalent experience


Additional Information


Our culture was formed from day one when three Danes poured their heart and soul into creating a platform that could connect every business in the world. We expect each employee to approach their job at Tradeshift with the same amount of pride and passion and embody the Tradeshift culture that makes us the best company in history.

Shifters come from various backgrounds and nations, and we all thrive off challenging the status quo. We take pride in nurturing employee happiness, encouraging personal development, and welcoming teammates from all walks of life.

We value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

The Perks:

  • Ambitious international startup
  • Career and professional development opportunities
  • Large office that provides caters to many different work-environment preferences  
  • Flexible work hours
  • Mobile phone plan and at home internet
  • Lunch and snacks daily with drinks
  • A competitive compensation package and equity
  • In-house activities like yoga
  • Opportunity to join many fun, varied company events like happy hours, hackathons, family holiday parties, and many more.

All your information will be kept confidential according to EEO & GDPR guidelines.

Privacy Policy