Application Security Engineer
Indexed description
Role: Application Security Engineer
Experience: 3-5 years in Application / Product Security
About Fluidra
Fluidra is the global leader in equipment and connected solutions for the pool and wellness sector, founded in 1969 and headquartered in Sant Cugat, Barcelona, Spain. With over 6,500 employees operating across more than 47 countries, Fluidra develops, manufactures, and distributes innovative products and services for residential and commercial pool markets worldwide.
Our Mission: To create the perfect pool and wellness experience responsibly — delivering cutting-edge equipment, automation, IoT connectivity, and water treatment solutions that enhance comfort, sustainability, and peace of mind for customers around the world.
About the Product Security Team
Fluidra's Product Security team sits at the intersection of cybersecurity and connected product engineering. As Fluidra expands its portfolio of IoT-enabled pool controllers, mobile applications, cloud platforms, and smart wellness devices, securing these products by design is a strategic priority.
The team is responsible for embedding security across the entire product development lifecycle — from threat modelling in early design phases to SAST/DAST/SCA integration in CI/CD pipelines, and through to post-release vulnerability management. We work closely with firmware engineers, cloud architects, and product managers to ensure Fluidra's connected products meet the highest security standards globally.
Role Overview
As an Application Security Engineer, you will be an active contributor within Fluidra's Product Security team. You will support security reviews, vulnerability assessments, and DevSecOps integration efforts across Fluidra's connected product portfolio. Working alongside senior engineers, you will gain deep exposure to product security across cloud platforms, mobile applications, APIs, and IoT devices.
Key Responsibilities
Product Security & Consulting
- Serve as a trusted security advisor to product engineering teams throughout the SDLC.
- Conduct security architecture reviews for new and existing products, cloud services, APIs, and mobile applications.
- Perform in-depth source code reviews across multiple languages (e.g., Java, C/C++, Python, JavaScript) to identify security vulnerabilities.
- Lead and facilitate threat modelling sessions (e.g., STRIDE, PASTA) with cross-functional development teams.
- Produce detailed security findings, risk ratings, and actionable remediation guidance for engineering stakeholders.
DevSecOps & Tooling
- Design, implement, and maintain SAST (Static Application Security Testing) tooling integrated into CI/CD pipelines.
- Deploy and manage DAST (Dynamic Application Security Testing) solutions for web and API endpoints.
- Implement and operate SCA (Software Composition Analysis) to identify vulnerable open-source dependencies and license risks.
- Champion DevSecOps culture by enabling developers with security guardrails, training, and self-service security tools.
IoT & Embedded Security
- Collaborate with firmware and hardware teams to assess security of embedded systems and IoT devices.
- Review IoT communication protocols, firmware update mechanisms, and device authentication architectures.
- Assess risks related to connected pool controllers, smart devices, and Fluidra's cloud-to-device communication layers.
Vulnerability Management & Incident Support
- Triage, assess, and track security vulnerabilities identified across the product portfolio.
- Coordinate with development teams on remediation timelines and verify fixes.
- Stay current with emerging CVEs, threat intelligence, and industry security research relevant to Fluidra products.
Required Qualifications
- 3+ years of hands-on experience in application security, product security, or a closely related field.
- Strong knowledge of OWASP Top 10, SANS CWE, and common application security vulnerabilities.
- Practical experience with SAST tools (e.g., Semgrep, Checkmarx, SonarQube, Fortify).
- Hands-on experience with DAST tools (e.g., OWASP ZAP, Burp Suite Professional).
- Experience with SCA tools for open-source dependency management (e.g., Snyk, FOSSA, Dependabot, Black Duck).
- Proven ability to conduct source code security reviews in one or more languages.
- Experience facilitating or participating in threat modelling activities.
- Solid understanding of secure SDLC principles and DevSecOps practices.
- Excellent written and verbal communication skills; ability to explain security risks to non-technical stakeholders.
Preferred Qualifications
- Experience in IoT security — firmware analysis, embedded systems, hardware security assessment.
- Familiarity with IoT protocols (MQTT, CoAP, Zigbee, BLE, Z-Wave) and associated security risks.
- Knowledge of AWS cloud security and container/Kubernetes security.
- Mobile application security experience (iOS / Android).
- Relevant certifications such as OSCP, GWAPT, CEH, CSSLP, or AWS Security Specialty.
- Experience working in a regulated or compliance-driven environment (e.g., IEC 62443, CRA, GDPR).
Why Join Fluidra?
- Be part of a global security team protecting connected products used by millions of customers worldwide.
- Work at the forefront of IoT and smart product security in a fast-growing, innovation-driven company.
- Collaborative, inclusive culture with opportunities for professional growth and development.
- Competitive compensation, flexible hybrid work model, and a strong commitment to work-life balance.
- Exposure to a diverse technology stack — cloud, firmware, mobile, and web — across multiple global product lines.
- Contribute to Fluidra's mission of creating a safer, smarter, and more sustainable pool and wellness experience.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search