
Jobs at Luciq (Now Hiring) — 1 open


Skills: Application Security, Secure Code Review, Threat Modeling, Vulnerability Management, CI/CD Security


Application Security Engineer

Luciq

Cairo, Cairo, Egypt • Hybrid

Mid level


  • Full-time
  • Bachelor's degree
  • Posted 56d ago
  • ~40 hrs/week

Responsibilities

The role involves leading threat modeling, conducting secure code reviews, and managing vulnerabilities across web applications, APIs, and mobile SDKs. Additionally, the engineer will build automated security testing in CI/CD pipelines and maintain AWS cloud security visibility.

Requirements

Candidates need 3-6 years of experience in application security with proficiency in Python, Ruby, or Go and a deep understanding of OWASP patterns. Practical experience with STRIDE threat modeling and integrating security tools into CI/CD pipelines is required.

Full job description

Job Purpose

As an Application Security Engineer at Luciq, you will help shape and build our application security program alongside the wider team. This is a hands-on, high-ownership role where you will work closely with product and development teams across the full software development lifecycle — reviewing designs before code is written, identifying risks as features take shape, and ensuring security is embedded into how we build and ship software, not bolted on after the fact. Our stack runs on Ruby on Rails, Go, and Python, deployed on AWS with Terraform managing infrastructure as code and Jenkins powering CI/CD. You will read and review code in these languages — not just rely on scanner output — and work with AWS security services (SecurityHub, Inspector, GuardDuty, CloudTrail, CloudFront) to provide visibility and protection across our infrastructure. The role spans web applications, APIs, our mobile SDK (iOS and Android), cloud, and CI/CD — partnering with engineers, PMs, Platform, and the Security team to make the secure path the default path. This role can be filled at mid-level with a clear growth path to senior-level as you grow into shaping our application security program, or at senior-level if you're already operating at that scope.

You will join a lean Security team, which entails stepping beyond core AppSec for incident triage, addressing customer security questionnaires, or supporting cross-functional cloud and compliance reviews. We value this variety as a core facet of the role; if you are seeking hyper-specialized work restricted strictly to application security, this may not be the right fit.

Job Responsibilities

  • Secure Design & Code Review
    • Run and lead threat modeling sessions with product and engineering teams during feature design. This is a hands-on role with expectations to deliver fixes in the product as needed while enabling other engineers.
    • Conduct security code reviews and architecture reviews across web applications, APIs, and services in Ruby, Go, and Python
    • Leverage AI and make sure that we enable engineers to adhere to security acceptance criteria. Provide guidance to engineers on secure design as we iterate and build the product.
  • Vulnerability Management
    • Validate, triage, and drive remediation of vulnerabilities — partner with engineering teams across the full lifecycle from discovery through SLA support
    • Coordinate with engineering teams on fix verification and root-cause prevention
  • Security Automation in CI/CD
    • Build and maintain automated security testing in CI/CD — SAST, SCA, secret scanning
    • Tune tooling for signal over noise; integrate findings into developer workflows
    • Operate secret-scanning and leaked-credential response workflows
  • Cloud & Infrastructure Security
    • Support cloud security reviews — IAM policies, network segmentation, container/Kubernetes configurations, and Terraform policy-as-code
    • Work with AWS security services (SecurityHub, Inspector, GuardDuty, CloudTrail, CloudFront) to maintain visibility and detection across our infrastructure
  • Supply Chain & Build Security
    • Own dependency risk via SCA, lockfiles, and pinning
    • Drive CI/CD pipeline hardening — build runners, OIDC-to-cloud, artifact signing, SBOM standards
  • Cross-functional Security Enablement
    • Develop secure coding guidelines and reusable patterns that make the secure path the default
    • Drive S-SDLC adoption across engineering teams
    • Review security posture of our mobile SDK across iOS and Android — data handling, transport security, local storage, IPC, encryption, third-party dependency risk, and SDK consumer-facing security defaults
    • Assess security risks in AI/LLM integrations — prompt injection, insecure output handling, trust boundaries in agentic architectures
    • Support compliance initiatives (SOC 2, ISO 27001) — translate control requirements into engineering practices and assist with audit evidence collection
    • Use AI tooling actively in your own workflow (AI-assisted code review, threat modeling drafts, vulnerability research, and security artifact generation) and help shape how the rest of engineering uses AI safely

Job Requirements

Must-Haves

  • Experience: 3-6 years in application security, or security engineering
  • Education: Bachelor's degree in Computer Science, Information Security, or equivalent practical experience
  • Secure code review in at least one of: Python, Ruby, Go — can read code and reason about vulnerabilities, not rely on scanner output
  • OWASP Top 10 (Web and API) as root-cause patterns, not a memorized checklist — including SSRF, insecure deserialization, injection classes, and access-control flaws
  • Threat modeling: practical experience with STRIDE and data flow diagrams; can lead a session with a product team and produce actionable output
  • Auth and identity: working depth in session management, RBAC/ABAC models
  • CI/CD security automation: hands-on experience integrating SAST, SCA, and secret scanning into pipelines and tuning for actionable signal
  • Proactive and ownership-driven — does not wait to be told what to secure
  • Comfortable working cross-functionally with product engineers, platform engineers, and the wider team
  • Strong analytical and problem-solving abilities
  • Fluent in English, with strong written and verbal communication
  • Communication: clear written and verbal communication; can explain a vulnerability to an engineer, a PM, or a VP

Strong Plus

We expect strong candidates to have some of these, not all. The more, the better.

  • Mobile SDK security: OWASP Mobile Top 10 and MASVS/MASTG; Android (Kotlin) or iOS (Swift); experience with Frida, objection, or MobSF
  • AWS security service depth: SecurityHub, Inspector, GuardDuty, CloudTrail, CloudFront beyond IAM
  • Container and Kubernetes security fundamentals
  • Supply chain depth: SLSA framework, SBOM
  • AI/LLM security: prompt injection mitigations, OWASP LLM Top 10, securing agentic architectures and tool-use boundaries
  • Familiarity with ISO 27001 or SOC 2.

Nice to Have

  • Terraform and policy-as-code: tfsec, Checkov, OPA/Conftest
  • Experience building or bootstrapping a security program
  • Bug bounty participation, published CVEs, or documented security research
  • Hands-on certifications: OSCP, OSWE, eMAPT
  • Incident response experience — triage, containment, root-cause analysis
  • Red teaming or purple teaming experience

Related keywords

Ruby on Rails, Go, Python, AWS, Terraform, Jenkins, SecurityHub, Inspector, GuardDuty, CloudTrail, CloudFront, SAST, SCA, STRIDE, OWASP Top 10, OWASP Mobile Top 10

About Luciq

Industry: Software Development
Company size: 201-500 employees
Headquarters: San Francisco, CA
LinkedIn followers: 108,967
Total funding: $53M

Luciq is the Agentic Observability Platform for Mobile. Our intelligent AI agents detect, prioritize, and resolve issues across the app lifecycle, empowering teams to ship faster, deliver frustration-free sessions, and focus on building what matters.

Offices: San Francisco, CA, US · Cairo, EG

Mobile Performance Platform and Mobile Observability, Mobile Apps, Application Performance Management, Software, Predictive Analytics, Enterprise Software, SaaS, Developer Tools, Analytics, Artificial Intelligence (AI)