Hays

Application Security Engineer (DevSecOps)

Hybrid
Madrid, Community of Madrid, Spain
Posted 1 week ago

At a Glance

AWS, Azure, GCP, OWASP, NIST, ISO 27001

About This Role

The Application Security Engineer (m/f/d) is responsible for integrating security into the software development lifecycle (SDLC), conducting security testing, and ensuring applications are resilient to cyber threats. They work closely with development teams to identify, remediate, and prevent security vulnerabilities. We're looking for an Application Security Engineer to join our growing global team in Madrid and help implement, secure, and evolve the digital backbone of our enterprise. This is your chance to make an impact on projects that touch every corner of our organization—while working in a modern environment that values both collaboration and flexibility. The working location for this position will be in Madrid city where we are currently setting up a new office. We operate a hybrid model, requiring at least 40% of the working time on-site.

Responsibilities

  • Implement security controls and tools for application security testing (SAST, DAST, IAST)
  • Perform vulnerability assessments and penetration testing on applications
  • Collaborate with developers to remediate security issues and enforce secure coding practices
  • Automate security testing within CI/CD pipelines
  • Monitor and respond to application security threats and incidents
  • Maintain security documentation, policies, and compliance requirements
  • Support the integration of new applications and technologies, including secure configuration
  • Assist in developing security awareness programs for development teams

Requirements

CISSP, OSCP, AWS, Azure, GCP, NIST, OWASP
  • Bachelor's/Master's in Cybersecurity, Computer Science, or related field
  • 3+ years in cybersecurity, preferably in an Application Security Engineer role
  • CISSP, OSCP certifications preferred
  • Cloud certifications (AWS, Azure, or GCP) preferred
  • English is a must; German and French are a plus
  • Understanding of cybersecurity frameworks and standards (ISO 27001, NIST)
  • Deep understanding of application security concepts and principles
  • Knowledge of application security tools and techniques (e.g., vulnerability scanners, code analysis tools)
  • Expertise in secure coding practices and methodologies
  • Knowledge of the OWASP framework and defensible architectures

Benefits & Perks

Attractive salary and social benefits
Flexible and hybrid working
Freedom for creative work
Safe and secure workplace
Individual development and training opportunities
Meal voucher
Life and accident insurance
Exclusive offer for a premium private health insurance package
Bonus payments for Christmas and holidays, based on the collective agreement

About Hays

Hays plc is a global specialist recruitment and staffing company with a history dating back to 1867. Originally starting as a logistics and distribution business in London, Hays has evolved into a leader in personnel services and specialist recruitment. The company shifted its focus entirely to recruitment in 2003 and was renamed Hays AG in 2004. Today, Hays offers a range of services, including permanent placement for vacant positions, temporary staffing, and freelance specialist deployment. The company operates internationally, with offices in the UK, Australia, and various European countries such as Germany, France, and Switzerland. Hays is recognized as a worldwide market leader in specialist recruitment, serving multiple sectors and specializations.

Industry

staffing & recruiting

Employees

11,000

778 engineers

Revenue

$9.1B

Security at Hays

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

Hays' technology management practices aim to ensure robust, resilient, and secure operations. The security governance is led by the Chief Digital and Technology Officer (CDTO). External advisers conduct regular penetration testing, and Hays partners with Cognizant to enhance its Security Operations capability. 'Application Security' is listed as a service offering. Hays' market insights reports discuss 'AI threats' in the context of cyber. Job postings indicate a priority to 'Design, implement, and manage comprehensive cybersecurity awareness'. Information regarding developer enablement vs. gatekeeping, explicit risk philosophy phrasing (like 'risk-based approach' or 'threat modeling'), and stated pain points or goals (like 'reducing scanner noise' or 'automating remediation') is not publicly available.

Security Team

The security team is 'Led by the Chief Digital and Technology Officer (CDTO)'. Roles such as 'Business Information Security Officer' are expected to 'Act as the frontline cybersecurity liaison' and focus on 'embedding cybersecurity into everyday operations'. Key public-facing leaders include Neil Khatod, Head of Cyber Security, Hays Americas, and Miguel Duran, Cyber Security Expert & Strategic Partnerships Lead, Americas. As of, the team size estimate is 'Information not publicly available', with LinkedIn searches yielding insufficient data for precise sizing. At least 2 active cybersecurity-related job postings were found. Common skills and tools referenced in job postings include 'NIST CSF, CIS Controls, ISO/IEC 27001'.

Key Initiatives

The status of a 'Security Champions Program' is 'Information not publicly available'. Similarly, specific 'Shift Left' practices (e.g., pre-commit, IDE, CI/CD security actions) are 'Information not publicly available'. For vulnerability management, 'External advisers conduct regular penetration testing' for intake, but details on triage/remediation SLAs or ticketing are 'Information not publicly available'. While job descriptions reference embedding security, awareness, and compliance with frameworks, explicit 'Secure SDLC Artifacts' like 'threat modeling' or 'security reviews for all major features' are not found. 'No explicit press or blog statements about new AppSec programs' in the last 6 months were discovered, though Hays does publish market-insights cyber reports and offers Cyber Solutions services.
