Bayt.com

Submitting more applications increases your chances of landing a job.

Here’s how busy the average job seeker was last month:

Opportunities viewed

Applications submitted

Keep exploring and applying to maximize your chances!

Looking for employers with a proven track record of hiring women?

Click here to explore opportunities now!
We Value Your Feedback

You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for

Would You Be Likely to Participate?

If selected, we will contact you via email with further instructions and details about your participation.

You will receive a $7 payout for answering the survey.


User unblocked successfully
https://bayt.page.link/QbbQz3Td1NViMRft9
Back to the job results

Junior Application Security Specialist

18 days ago 2026/08/21
Other Business Support Services
Create a job alert for similar positions
Job alert turned off. You won’t receive updates for this search anymore.
Undo

Job description

We are looking for junior application security specialists to join a growing security team at
Xsolla. This is a hands-on role where you will work closely with senior specialists to identify,
assess, and help remediate security vulnerabilities across our products and infrastructure.
You will be involved in day-to-day AppSec work - code reviews, vulnerability triage, threat
modeling, and security testing. You are curious, detail-oriented, and eager to develop deep
expertise in application security. You do not need to have all the answers, but you ask the right
questions and follow through.
This is a strong learning environment. You will be exposed to real-world security challenges in a
payment platform operating at scale, and supported by experienced security specialists who will
help you grow.

Responsibilities


  • Triage Security Findings - Assess incoming bug bounty reports and scanner findings.
    Evaluate validity, calculate real severity, and escalate appropriately with clear written
    summaries.
     Assist with Vulnerability Assessments - Participate in security assessments of web
    applications and APIs. Help identify and document risks in new features and existing
    systems.
     Write Clear Security Documentation - Document findings, reproduce steps, and
    remediation guidance in a way that engineering teams can act on.
     Support Threat Modeling - Participate in threat modeling sessions. Learn to identify
    trust boundaries, data flows, and attack surfaces in system designs.
     Monitor Security Tools - Help operate SAST, DAST, and dependency scanning tooling.
    Track findings, reduce noise, and support remediation workflows.
     Support Code Reviews - Review code for common vulnerability classes under guidance
    of senior specialists. Learn to identify security issues across PHP, Python, and Go
    codebases.
     Stay Current - Follow developments in the security community. Bring awareness of new
    vulnerability classes, CVEs, and attack techniques relevant to our stack.

What You Bring


  •  Web Security Fundamentals - Solid understanding of common vulnerability classes:
    OWASP Top 10, CSRF, XSS, IDOR, SQL injection, open redirect, authentication and
    session management weaknesses. You understand root causes, not just names.
     Web and Browser Fundamentals - Solid understanding of how web applications work:
    HTTP request/response cycle, client-server model, REST APIs, how browsers handle
    same-origin policy, cookies and their attributes, and CORS. This is the foundation
    everything else builds on.
     Security Testing Tools - Hands-on experience with Burp Suite or similar web
    application security testing tools. You have used them to intercept, modify, and replay
    requests - not just run automated scans.
     Vulnerability Documentation - Able to reproduce a vulnerability and write it up clearly:
    reproduction steps, proof of concept, and impact statement. Findings that engineering
    teams cannot reproduce or understand do not get fixed.
     Secure Development Awareness - Familiarity with foundational secure coding
    concepts: input validation, output encoding, parameterized queries, and least privilege.
     Code Readability - Ability to read and follow code in at least one language relevant to
    web security - PHP, Python, JavaScript, or Go. You don't need to be a developer, but you
    need to follow logic and spot security-relevant patterns.
     Analytical Thinking - You reason through problems methodically. You can explain not
    just what a vulnerability is but why it exists, how it is exploited, and what fixing it
    actually requires.
     Clear Written Communication - You write findings and summaries that are precise,
    reproducible, and useful to the engineers who need to act on them.
     Curiosity and Initiative - You dig into problems rather than stopping at the surface.
    When something looks wrong, you investigate before concluding.

Nice to Have


  •  Participation in bug bounty programs or CTF competitions
     Basic scripting ability for automation - Python or Bash
     Familiarity with CI/CD pipelines and where security tooling fits
     Exposure to cloud environments - GCP, AWS, or Azure
     Relevant coursework or certifications - eWPT, CEH, or similar entry-level credentials

This job post has been translated by AI and may contain minor differences or errors.
Apply on company site Email to Friend Complete Questionnaire
You’ve reached the maximum limit of 15 job alerts. To create a new alert, please delete an existing one first.
MANAGE
Job alert created for this search. You’ll receive updates when new jobs match.
Manage alerts
Are you sure you want to unapply?

You'll no longer be considered for this role and your application will be removed from the employer's inbox.