Application Security Engineer

About Lucidya

Lucidya is an AI-native Customer Experience Intelligence platform enabling enterprises to understand, engage, and retain customers at scale. As Lucidya continues to scale globally, building secure-by-design products is a top priority. Security is a core pillar of our engineering strategy, and we are investing heavily in strengthening our application security posture across all products and platforms.

To support this growth, we are looking for an Application Security Engineer to help drive secure development practices, proactively identify vulnerabilities, and embed security across the software development lifecycle.

About the Role

This is the first dedicated Application Security role at Lucidya, making it a high-impact and foundational position. You will play a critical role in shaping Lucidya’s application security strategy, working closely with engineering teams to identify risks, close security gaps, and ensure our applications are secure by design.

You’ll operate at the intersection of security engineering, software development, and cloud infrastructure, thinking like an attacker while enabling developers to build secure, scalable systems.

What You’ll Be Doing

Core Responsibilities

• Develop and implement automated security testing and vulnerability detection workflows integrated into the Software Development Lifecycle (SDLC).
• Conduct security reviews of web applications, mobile applications, APIs, and cloud environments (public and private).
• Perform penetration testing on web, mobile, API, and desktop applications, as well as supporting infrastructure.
• Evaluate application defenses, identify architectural and design-level security gaps, and recommend mitigation strategies.
• Think like an attacker to proactively identify vulnerabilities and complex security risks before they reach production.
• Collaborate closely with engineering teams to support secure coding practices and security-aware development.
• Conduct code reviews with a security focus, especially for critical services and deployments.
• Research emerging threats and contribute to the development or adoption of new security tools and techniques.Day-to-Day Responsibilities

• Review application code and architecture from a security perspective.
• Support and guide teams on secure development lifecycle (SDLC) practices.
• Work closely with developers during feature development and releases to ensure security controls are in place.
• Participate in threat modeling, vulnerability triage, and remediation tracking.
• Contribute to defining and evolving Lucidya’s application security strategy.

Success Metrics

• Measurable reduction in application vulnerabilities, including findings from external security assessments.
• Clean and secure application releases with minimal critical or high-risk findings.
• Successful integration of security practices across SDLC pipelines.
• Improved security posture and readiness as validated by internal and external reviews.

First 90 Days

• Gain a deep understanding of Lucidya’s system architecture, codebase, and security landscape.
• Identify key security gaps and prioritize remediation plans.
• Begin embedding security workflows into CI/CD and development processes.
• Establish trust and working relationships with engineering teams.Requirements

What We’re Looking For

Experience & Background

• 2-4 years of experience in application security, security engineering, or a related role.
• Background as a software engineer transitioning into security is highly valued.
• Hands-on experience securing applications built with Ruby on Rails and React.
• Experience performing penetration testing on modern web applications and APIs.Technical & Security Skills

• Strong understanding of the Secure Development Life Cycle (SDLC).
• Hands-on penetration testing experience (web, mobile, APIs).
• Cloud security experience with AWS and/or GCP.
• Ability to assess application architecture and identify design-level risks.Certifications (Preferred / Non-Negotiable)

• CISM
• OSCP
• SANS GIACSoft Skills

• Strong communication skills and ability to work cross-functionally.
• Comfortable engaging with developers, engineers, and stakeholders.
• Proactive, ownership-driven mindset in a fast-growing environment.Nice-to-Have

• Experience working in SaaS or AI-driven products.
• Exposure to building security functions from scratch.
• Prior experience with security tooling development or automation.

Hiring Process

• Screening Interview – Esraa Adel, Talent Acquisition Partner
• First Technical Interview – Mostafa Asaad, Technology Manager
• Technical Task
• Second Interview