Junior Application Security Specialist
Quick Summary
ABOUT YOU We are looking for a junior application security specialist to join a growing security team at Xsolla.
We are looking for a junior application security specialist to join a growing security team at Xsolla. This is a hands-on role where you will work closely with senior specialists to identify, assess, and help remediate security vulnerabilities across our products and infrastructure.
You will be involved in day-to-day AppSec work - code reviews, vulnerability triage, threat modeling, and security testing. You are curious, detail-oriented, and eager to develop deep expertise in application security. You do not need to have all the answers, but you ask the right questions and follow through.
This is a strong learning environment. You will be exposed to real-world security challenges in a payment platform operating at scale, and supported by experienced security specialists who will help you grow.
-
Triage Security Findings - Assess incoming bug bounty reports and scanner findings. Evaluate validity, calculate real severity, and escalate appropriately with clear written summaries.
-
Assist with Vulnerability Assessments - Participate in security assessments of web applications and APIs. Help identify and document risks in new features and existing systems.
-
Write Clear Security Documentation - Document findings, reproduction steps, and remediation guidance in a way that engineering teams can act on.
-
Support Threat Modeling - Participate in threat modeling sessions. Learn to identify trust boundaries, data flows, and attack surfaces in system designs.
-
Monitor Security Tools - Help operate SAST, DAST, and dependency scanning tooling. Track findings, reduce noise, and support remediation workflows.
-
Support Code Reviews - Review code for common vulnerability classes under guidance of senior specialists. Learn to identify security issues across PHP, Python, and Go codebases.
-
Stay Current - Follow developments in the security community. Bring awareness of new vulnerability classes, CVEs, and attack techniques relevant to our stack.
-
Web Security Fundamentals - Solid understanding of common vulnerability classes: OWASP Top 10, CSRF, XSS, IDOR, SQL injection, open redirect, authentication and session management weaknesses. You understand root causes, not just names.
-
Web and Browser Fundamentals - Solid understanding of how web applications work: HTTP request/response cycle, client-server model, REST APIs, how browsers handle same-origin policy, cookies and their attributes, and CORS. This is the foundation everything else builds on.
-
Security Testing Tools - Hands-on experience with Burp Suite or similar web application security testing tools. You have used them to intercept, modify, and replay requests — not just run automated scans.
-
Vulnerability Documentation - Able to reproduce a vulnerability and write it up clearly: reproduction steps, proof of concept, and impact statement. Findings that engineering teams cannot reproduce or understand do not get fixed.
-
Secure Development Awareness - Familiarity with foundational secure coding concepts: input validation, output encoding, parameterized queries, and least privilege.
-
Code Readability - Ability to read and follow code in at least one language relevant to web security - PHP, Python, JavaScript, or Go. You don't need to be a developer, but you need to follow logic and spot security-relevant patterns.
-
Analytical Thinking - You reason through problems methodically. You can explain not just what a vulnerability is but why it exists, how it is exploited, and what fixing it actually requires.
-
Clear Written Communication - You write findings and summaries that are precise, reproducible, and useful to the engineers who need to act on them.
-
Curiosity and Initiative - You dig into problems rather than stopping at the surface. When something looks wrong, you investigate before concluding
-
Participation in bug bounty programs or CTF competitions;
-
Basic scripting ability for automation - Python or Bash;
-
Familiarity with CI/CD pipelines and where security tooling fits;
-
Exposure to cloud environments - GCP, AWS, or Azure;
-
Relevant coursework or certifications - eWPT, CEH, PortSwigger Web Security Academy progress, or similar entry-level credentials.
Xsolla operates across multiple time zones. Strong written communication is essential - you will need to document your work clearly so findings and context are not lost across handoffs. We value directness, intellectual honesty, and follow-through. If you do not know something, say so and find out. If you find something, explain it clearly and see it through to resolution.
Location & Eligibility
Listing Details
- Posted
- July 7, 2026
- First seen
- July 7, 2026
- Last seen
- July 7, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 67%
- Scored at
- July 7, 2026
Signal breakdown

Xsolla is a global video game commerce company that provides developers and publishers with tools and services for funding, marketing, launching, and monetizing games across multiple platforms.
View company profilePlease let Xsolla know you found this job on Jobera.
3 other jobs at Xsolla
View all →Explore open roles at Xsolla.
Similar Security Specialist jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.