Junior Application Security Specialist job opportunity at Xsolla.



Date: 2026-04-22
Xsolla Junior Application Security Specialist
Experience: General
Pattern: full-time
Degree: General
Location: Baku, Azerbaijan

We are looking for junior application security specialists to join a growing security team at Xsolla. This is a hands-on role where you will work closely with senior specialists to identify, assess, and help remediate security vulnerabilities across our products and infrastructure. You will be involved in day-to-day AppSec work - code reviews, vulnerability triage, threat modeling, and security testing. You are curious, detail-oriented, and eager to develop deep expertise in application security. You do not need to have all the answers, but you ask the right questions and follow through.

This is a strong learning environment. You will be exposed to real-world security challenges in a payment platform operating at scale, and supported by experienced security specialists who will help you grow.

Responsibilities

- Triage Security Findings - Assess incoming bug bounty reports and scanner findings. Evaluate validity, calculate real severity, and escalate appropriately with clear written summaries.
- Assist with Vulnerability Assessments - Participate in security assessments of web applications and APIs. Help identify and document risks in new features and existing systems.
- Write Clear Security Documentation - Document findings, reproduction steps, and remediation guidance in a way that engineering teams can act on.
- Support Threat Modeling - Participate in threat modeling sessions. Learn to identify trust boundaries, data flows, and attack surfaces in system designs.
- Monitor Security Tools - Help operate SAST, DAST, and dependency scanning tooling. Track findings, reduce noise, and support remediation workflows.
- Support Code Reviews - Review code for common vulnerability classes under guidance of senior specialists. Learn to identify security issues across PHP, Python, and Go codebases.
- Stay Current - Follow developments in the security community. Bring awareness of new vulnerability classes, CVEs, and attack techniques relevant to our stack.

What You Bring

- Web Security Fundamentals - Solid understanding of common vulnerability classes: OWASP Top 10, CSRF, XSS, IDOR, SQL injection, open redirect, authentication and session management weaknesses. You understand root causes, not just names.
- Web and Browser Fundamentals - Solid understanding of how web applications work: HTTP request/response cycle, client-server model, REST APIs, how browsers handle same-origin policy, cookies and their attributes, and CORS. This is the foundation everything else builds on.
- Security Testing Tools - Hands-on experience with Burp Suite or similar web application security testing tools. You have used them to intercept, modify, and replay requests - not just run automated scans.
- Vulnerability Documentation - Able to reproduce a vulnerability and write it up clearly: reproduction steps, proof of concept, and impact statement. Findings that engineering teams cannot reproduce or understand do not get fixed.
- Secure Development Awareness - Familiarity with foundational secure coding concepts: input validation, output encoding, parameterized queries, and least privilege.
- Code Readability - Ability to read and follow code in at least one language relevant to web security - PHP, Python, JavaScript, or Go. You don't need to be a developer, but you need to follow logic and spot security-relevant patterns.
- Analytical Thinking - You reason through problems methodically. You can explain not just what a vulnerability is but why it exists, how it is exploited, and what fixing it actually requires.
- Clear Written Communication - You write findings and summaries that are precise, reproducible, and useful to the engineers who need to act on them.
- Curiosity and Initiative - You dig into problems rather than stopping at the surface. When something looks wrong, you investigate before concluding.

Nice to Have

- Participation in bug bounty programs or CTF competitions
- Basic scripting ability for automation - Python or Bash
- Familiarity with CI/CD pipelines and where security tooling fits
- Exposure to cloud environments - GCP, AWS, or Azure
- Relevant coursework or certifications - eWPT, CEH, or similar entry-level credentials

Xsolla operates across multiple time zones. Strong written communication is essential - you will need to document your work clearly so findings and context are not lost across handoffs.

We value directness, intellectual honesty, and follow-through. If you do not know something, say so and find out. If you find something, explain it clearly and see it through to resolution.
