Application Security Engineer | Mid- Senior | Low-level

The world's most advanced VPN, and a whole lot more.

If you're a curious problem-solver who carves their own path, join the team behind Threat Protection Pro, the Nord Lynx protocol, and the fastest VPN on the planet-tools that put privacy, security, and control back in people's hands.

Your impact? Helping millions take back control of their online security, privacy, and data.

Risk Department plays a vital role in protecting the organization, ensuring resilience and security across all operations. By assessing risks, ensuring compliance, and managing security audits, this team helps build a strong and trustworthy foundation.

• Conduct security reviews of application designs, source code, and third‑party libraries;
• Perform regular application vulnerability assessments using both automated tools and manual testing techniques (e.g., SAST, DAST, SCA, penetration testing);
• Help maintain security tools, scripts, and processes to support secure development;
• Stay current with industry trends, zero‑day vulnerabilities, and best practices in application security;
• Develop scripts and security automation tools to enhance application security testing processes;
• Design and deliver training for security engineering awareness & adoption;
• Actively look for internal security gaps within the product or organization overall;
• Ensure custom‑built libraries/protocols are sufficiently tested and support internal and external audits;

• Proven experience in mobile/desktop application security assessment planning, testing, methodologies, and vulnerability reporting;
• Strong understanding of secure coding practices;
• Ability to perform manual security code audit;
• Familiarity with at least one low‑level programming language (e.g. C, C++, Rust, Go);
• Familiarity with networking protocols such as TCP, UDP and the HTTP protocol;
• Familiarity with debuggers (e.g. GDB, LLDB, Win Dbg) and reverse engineering tools (e.g. Ghidra, IDA);
• Familiarity with memory corruption issues, buffer overflows and related vulnerability classes;
• Familiarity with common authentication and authorization protocols (OAuth, SAML, JWT, etc.);
• Ability to work with networking tools such as Wireshark and tcpdump;
• Ability to quickly assimilate new technologies and tools;
• Sense of ownership with strong problem‑solving and investigation skills;
• Ability to build and maintain relationships, influence key stakeholders across the business;
• Bonus points for community contributions like public CVEs, bug bounty recognition, open‑source tools, blogs, etc.

• Innovate with industry leaders – Work alongside global experts to build world‑leading cybersecurity tools, impacting millions of users around the world.
• Learn & grow – Boost your skills via our extensive training programs (online and offline) & other resources. Benefit from mentorship and career‑switch opportunities to grow within the company.
• Hybrid work – Enjoy the flexibility with 3 office days and working from home for the remaining 2.
• Work from anywhere – Recharge with a change of scenery – choose work from any location when you feel a need to power your creativity and drive.
• Physical well‑being – Fuel your active lifestyle with online workouts led by our Physical Well‑Being experts.
• Mental & emotional health – Nurture your mind with free psychologist consultations, dedicated mental health events, and premium access to top‑rated wellness apps like Calm, Headspace, and Mindletic.
• Joyful moments – special treats – Celebrate life's big moments with special gifts from us on your birthday, anniversary, and other major events, such as weddings or the arrival of a new family member.
• Company events & team‑building – Experience iconic Nord Security celebrations, team‑buildings, and knowledge‑sharing events, nurturing bonds that fuel our success.
• Workation – Embark on a legendary company getaway abroad, filled with exciting activities, live concerts, engaging workshops, and epic time together.