Senior Application Security Engineer
About this role
About the Company
Revizto enables the people behind the world’s most important structures to do their best work. We connect architects, engineers, contractors, and owners in one shared 2D/3D environment to help deliver complex projects on time and on budget. From airports and hospitals to data centers and large-scale infrastructure, Revizto supports industry leaders including Jacobs, AECOM, AtkinsRéalis, Skanska, and Stantec in reducing risk, improving collaboration, and delivering better project outcomes.
Built on a gaming engine, Revizto is designed to handle the scale and complexity of modern construction projects while remaining fast, reliable, and accessible across devices and environments — whether teams are in the office or on site.
Headquartered in Switzerland and backed by Summit Partners, Revizto has been recognized among Switzerland’s Best Managed Companies by Deloitte in both 2024 and 2025, and named among the FT1000: Europe's Fastest-Growing Companies 2025. The company has team members across the globe.
About the Opportunity
We are looking for a Senior Application Security Engineer to join our security team and help further mature our application security program. In this role, you will be strengthening secure development standards and embedding security deeper into the software development lifecycle (SDLC).
You will work closely with development, DevOps, and DevSecOps teams to improve existing practices, introduce scalable security controls, and help make security an integral part of how we build and ship software.
Where You Will Make a Difference
- Working with and improving tools such as SAST, DAST, IAST, and RASP
- Managing application vulnerabilities and remediation workflows
- Reviewing open-source dependencies and improving SCA/OSA practices
- Performing and improving secure code review processes
- Strengthening API security across REST and GraphQL services
- Conducting threat modeling exercises (STRIDE, PASTA, etc.) for new features and systems
- Launching and operating a bug bounty program
- Building and scaling a Security Champions program across engineering teams
- Partnering with external vendors on penetration testing engagements
- Helping improve secure SDLC practices, standards, and developer guidance
- Sharing security knowledge and promoting security awareness across the organization
Who You Are
- 5+ years of experience in Application Security or a similar security engineering role
- Hands-on experience with SAST/DAST/IAST/RASP tooling, especially Snyk and/or Acunetix
- Practical experience with vulnerability management and threat modeling methodologies such as STRIDE and PASTA
- Experience launching or operating a bug bounty program
- Experience conducting penetration testing or collaborating closely with pentest teams
- Strong knowledge of OWASP standards (ASVS, WSTG, Top 10) and secure SDLC principles
- Experience securing APIs, including REST and GraphQL
- Ability to read and understand code across multiple languages including PHP, JavaScript, Go, C#, and C++
- Familiarity with Unity-based desktop/mobile applications is a strong plus
- Broad understanding of application and infrastructure security concepts
- Comfortable working cross-functionally with engineering teams in a collaborative environment
Nice to Have
- Security certifications such as OSCP, GWEB, or CSSLP
- Experience with Unity or game engine security
- Familiarity with cloud security concepts in AWS or AliCloud
- Experience integrating security tooling into CI/CD pipelines (GitHub Actions, etc.)
- Experience building or scaling a Security Champions program
Why Join Us
- Awarded Best Managed Company of Switzerland by Deloitte in 2024 and 2025
- Bi-annual company-wide trips (2023 Armenia, 2025 Switzerland, and more to come)
- Work fully remotely from Germany, UK, France or Armenia
- High flexibility and autonomy
- Employee-focused and collaborative culture
- Opportunity to shape and mature security practices in a growing global company
- Modern engineering environment with complex technical challenges and real product impact
*Please note that candidates must have existing authorization to work in the specified countries, as visa sponsorship is not provided.
