Application Security Engineer

Application Security Engineer — Hiring via a Hiring Quest

Tactful | Tech-Driven SaaS Environment | Immediate / Near-term Start

Company:

Tactful AI

About Tactful

Tactful is building intelligent customer engagement infrastructure for modern businesses. The platform powers real-time communication, automation, and scalable SaaS workflows across multiple clients and regions.

Security is not a checklist here — it's embedded in architecture, engineering decisions, and product evolution.

This Role Is Hiring Through a Hiring Quest

We don't accept CVs for this position.Candidates apply through a skills-based Hiring Quest, where security thinking, risk awareness, and engineering judgment matter more than keywords or formatted résumés.

If you think like a security engineer and build like a developer, this process is built for you.

Job Requirements

We're looking for an Application Security Engineer (3–5 years experience) with strong development foundations.

Must Have:

• 3–5 years of Application Security experience
• Strong software development background
• Cloud & container security (AWS, Docker, Kubernetes)
• Backend & frontend stack awareness , Python, React, Vue)
• Penetration testing experience
• Security reviews & threat modeling
• Understanding of secure SDLC practices

Bonus:

• Multi-tenant SaaS security experience
• Experience securing distributed systems
• Strong communication in explaining security risks
• Ability to prioritize risks pragmatically

How It Works

• Explore the challenge details before registering
• Register if you believe you meet the requirements
• Submit your solution before the deadline
• Top candidates are invited to a live technical review
• Finalists proceed to the hiring stage

Your Quest

You will analyze and secure a real-world SaaS architecture scenario.

The challenge will test:

• Threat modeling ability
• Risk prioritization logic
• Practical mitigation strategies
• Secure system design thinking
• Communication clarity in explaining trade-offs

This is about proving how you think under security pressure — not listing tools.