AppSec Engineer

Hey there
We're Fever, the world's leading tech platform for culture and live entertainment, 

Our mission? To democratize access to culture and entertainment. With our proprietary cutting-edge technology and data-driven approach, we're revolutionizing the way people engage with live entertainment.

Every month, our platform inspires over 300 million people in +40 countries (and counting) to discover unforgettable experiences while also empowering event creators with our data and technology, helping them scale, innovate, and enhance their events to reach new audiences. 

Our results? We've teamed up with major industry leaders like Netflix, F.C. Barcelona, and Primavera Sound, presented international award-winning experiences, and are backed by several leading global investors Impressive, right? 

To achieve our mission, we are looking for bar-raisers with a hands-on mindset who are eager to help shape the future of entertainment

Ready to be part of the experience? 

Now, let's discuss this role and what you will do to help achieve Fever's mission.

As an AppSec Engineer, you will play a crucial role in ensuring the security of our software practices. Working closely with development and engineering teams, you will be responsible for implementing and maintaining secure development practices, reviewing security vulnerabilities and enhancing our security posture across the organization. Your goal will be to help developers understand and integrate security concepts while fostering a culture of security within the company. You will also contribute to automation, tooling and security guidance to mitigate risks and improve our security processes.

On your first month in Fever:

• You will be fully integrated into the team. You will participate in planning and follow-up meetings with other areas.
• You will have met the departments of Fever.
• You will get familiar with Fever's technological structure and ecosystem (applications, infrastructure, architecture, etc.)
• You will gain an understanding of our security processes, tools and overall security landscape.

After 3 months in Fever:

• You will collaborate with developers to provide security guidance and best practices.
• You will assist in triaging and analyzing vulnerabilities from static and dynamic application security testing (SAST/DAST) tools.
• You will start contributing to security automation in CI/CD pipelines.
• You will contribute to the evaluation and selection of new security tools and processes.

On your 6th month in Fever:

• You will design and define requirements for change management in development processes.
• You will perform threat modeling to assess and mitigate potential security risks.
• You will implement and refine SDLC methodology for secure software development.
• You will take ownership of security automation and SSDLC initiatives within the company..

• Execute the SSDLC strategy across the organization.
• Maintain and optimize SSDLC tools, ensuring high-quality vulnerability detection.
• Implement and automate security controls in CI/CD pipelines (Jenkins, GitHub Actions, etc.).
• Support teams in identifying and resolving software security vulnerabilities.
• Conduct security code reviews and design assessments.
• Develop security tools, libraries, and automation mechanisms.
• Perform proactive research on emerging security threats and trends.
• Educate engineers on security best practices through training and documentation.

Must have:

• Strong knowledge of secure development workflows and CI/CD tools (Jenkins, GitHub Actions, etc).
• Proven experience with SSDLC tooling and understanding of microservices architecture, APIs and secure development practices.
• Proficiency in programming languages (Python, JavaScript, etc).
• Familiarity with security frameworks and standards (OWASP, NIST, etc).
• Experience with application security concepts such as threat modeling, risk assessments, and secure coding practices.
• Strong problem-solving skills and ability to manage multiple tasks effectively.
• 4+ years of experience in software development or security engineering.
• Bachelor or Master's Degree in Computer Science, Information Security, or another similar relevant degree (or equivalent experience in a technical security role).
• Fluent in English.
• Good communication skills.

It would be a plus if you have:

• Security certifications such as CISSP, CSSLP or equivalent.
• Experience contributing to open-source security projects.
• Hands-on experience with penetration testing or bug bounties.

• Opportunity to have a real impact in a high-growth global category leader
• 40% discount on all Fever events and experiences
• Position based in Madrid, home office friendly.
• Relocation package for international candidates
• Responsibility from day one and professional and personal growth
• Great work environment with a young, international team of talented people to work with
• Health insurance and other benefits such as Flexible remuneration with a 100% tax exemption through Cobee.
• English Lessons
• Gympass Membership
• Possibility to receive in advance part of your salary by Payflow.
• Attractive compensation package consisting of base salary and the potential to earn a significant bonus for top performance.

Thank you for considering joining Fever. We cannot wait to learn more about you

If you want to learn more about us: Fever's Blog | Tech.Eu |TechCrunch

Fever is committed to creating an inclusive and diverse workspace where everyone's background and ideas count. Our main goal is to find the best possible talent regardless of place of birth, racial or ethnic origin, gender, gender identity, religion, opinion, sexual orientation, disability, pregnancy, marital status, age or caring responsibilities. We encourage everyone to apply

If you require any kind of accommodation during the selection process please contact our Talent team so we can help you by providing a welcoming and seamless journey.

If you want to know more about how Fever processes your personal data, click here Fever - Candidate Privacy Notice