Application Security Engineer

Application Security Engineer

Location: Valencia / Madrid / Barcelona - Spain Hybrid / Remote.

Team: Engineering

Welcome to Maisa - Making AI Accountable

Our agentic process automation platform helps enterprises automate complex, decision-heavy processes that traditional automation can't handle and GenAI can't be trusted with. 

We enable organizations to scale operations, resist hallucinations, and bring end-to-end visibility and control to your most complex processes.

Powered by a new kind of computing platform, Maisa combines AI-driven problem solving with programmatic execution, so every action is reliable, auditable, and built for enterprise scale.

About the role… 

We're looking for a Senior Application Security Engineer to own and scale our Vulnerability Management Program, embed security into CI/CD pipelines, and perform deep code security reviews. This hands-on role partners with Engineering, SRE, and GRC to measurably reduce application risk across our portfolio. We value engineers who automate first, build guardrails instead of gates, and help teams ship secure software fast.

What you'll do… 

Vulnerability Management (Program Ownership):

• Define and operate end-to-end vulnerability management lifecycle (SCA, SAST, DAST, container, IaC scanning)

• Establish risk-based triage using CVSS and exploited vulnerability catalogs

• Integrate scanners into CI/CD (GitHub Actions) and container registries

• Build automated patch/dependency-update pipelines (e.g., Dependabot automated PRs)

• Generate and store SBOMs; implement image signing and provenance (Sigstore, cosign, SLSA)

• Track MTTR, time-to-first-fix, and executive-level security metrics

• Partner with GRC to align with ISO 27001 and SOC 2 frameworks

Security in CI/CD (Shift-Left & Supply Chain):

• Embed SAST, SCA, secret scanning, and IaC checks into pipelines

• Enforce branch protections, mandatory code reviews, and artifact signing

• Champion least-privilege pipelines, ephemeral runners, and hardened build environments

• Publish attestations and SBOMs with every release

Code Security Reviews (Depth Where It Matters):

• Perform targeted manual reviews of critical code paths (auth/authz, crypto, multi-tenant boundaries, PII handling)

• Write concise, actionable review notes with clear risk statements and remediation guidance

• Collaborate with developers to land fixes quickly

• Contribute to secure coding patterns and internal libraries

• Deliver developer training based on real findings

What you'll bring… 

• Strong demonstrable experience in Application Security or Security Engineering

• Proven ownership of a Vulnerability Management or Secure SDLC program

• Strong hands-on skills with at least two programming languages: Go, Python, , or Java

• Experience integrating SAST/SCA/DAST/Secrets/IaC tools into Git-based CI/CD (GitHub Actions preferred)

• Solid understanding of container and Kubernetes security (image scanning, admission controls, PodSecurity)

• Deep knowledge of authn/authz, cryptography, SSRF/XSS/Injection classes, and modern web/API architectures

• Familiarity with ISO 27001 and SOC 2 requirements for software security

• Excellent communication and stakeholder management skills

• Fluent Spanish (essential for client interactions)

• Any Familiarity with tools such as: Semgrep, CodeQL, Trivy, Grype, Snyk, Dependabot, Checkov, tfsec, ZAP, Burp, SonarQube would be beneficial. As would any formal certifications such as OSWE, OSCP, GCSA, GWAPT, GWEB, CSSLP.

Why join Maisa 

You will be joining one of Europe's most exciting early-stage AI start-ups, where you'll have the opportunity to work with cutting-edge Agentic Process Automation that's reshaping how enterprises approach AI deployment. You will get to directly influence how major multinational organizations transform critical business processes, working on genuinely differentiated technology that solves real enterprise AI challenges.

Following our recent $25m Seed Round, backed by leading Venture Capital firms including Creandum, Forgepoint, NFX, and Village Global, we're scaling quickly and realising significant enterprise traction. This is your opportunity to help solve real AI enterprise challenges, working alongside deep technical and industry experts, where you will be challenged daily and expedite your learning and development.  

Maisa is committed to Equal Employment Opportunity through attracting and retaining a complementary team of employees and building an inclusive environment for all.