Product Overview
Features & Benefits
Integrations & Extensibility
Flexible Deployment
Success Accelerator Services
Product Tour
Agentic SCA
Flexible Deployment
Success Accelerator Services
Product Tour

Agentic SCA

FossID Agentic Software Composition Analysis (SCA) brings software supply chain integrity into the moment of code creation for continuous, real-time license and security compliance so you can move at AI-speed and eliminate reactive code rework.
Learn More About Agentic SCA
Professional Services Overview
Open Source Audit
Open Source Insights
SAST Code Review
Third-Party API Risk Audit
Application Penetration Testing
Code Quality Audit
Tech Due Diligence Services
Software Risk Audits
Third-Party API Risk Audit
Application Penetration Testing
Code Quality Audit
Tech Due Diligence Services
Software Risk Audits
Successful software composition analysis requires not only technology but human expertise as well. This includes open source license auditing, dynamic and static application security testing, architecture risk analysis and other analysis efforts.
Learn More About Software Risk Audits
All Use Cases
Generate Complete SBOMs

Leverage Generative AI Code with Confidence

Streamline Technical Due Diligence

Prevent Intellectual Property Leakage

Streamline Technical Due Diligence

Prevent Intellectual Property Leakage

All Topics
AI-Assisted Coding
Application Security
Development Operations
License and Copyright
Mergers and Acquisitions
Open Source Software
Security Vulnerabilities
FossID Solutions
Open Source Software 101
AI-Generated Code Series
Sushi Bytes Podcast

About FossID

Customer Success

Partner Program

Auditor Big Saves

Careers

News

FossID Auditor Big Saves
Our expert open source auditors have made many “big saves” for our clients – catching unusual and elusive compliance and security issues that could have otherwise been big problems.
Check Out the Auditor Big Saves

Careers

Application Security Analyst

Full-time
Hybrid
Bucharest, Romania
APPLY NOW

Company Overview

FossID is a global leader in software composition analysis (SCA), dedicated to enhancing software transparency, security, and compliance for organizations worldwide. Our cutting-edge tools empower developers to manage and secure software assets efficiently. As we continue to evolve our product portfolio, we are seeking a talented Application Security Analyst to join our Bucharest team.

Job Description

We are seeking an inquisitive and meticulous Application Security Engineer to join our FossID team. The ideal candidate will have experience and knowledge in Static Application Security Testing (SAST), manual code review, and code quality audits, with opportunities to contribute across a broad range of software audit disciplines including penetration testing, observability, and secure design.

Key Responsibilities

  • Conduct SAST and manual code reviews to identify vulnerabilities and ensure secure, maintainable code.
  • Perform code quality audits against best practices and coding standards.
  • Perform comprehensive open source audits to identify third-party components, assess licensing obligations, and detect potential compliance risks.
  • Develop Python scripts to support security testing and reporting.
  • Collaborate on internal tool development to streamline assessment workflows.
  • Prepare detailed, actionable reports on findings, risk levels, and remediation steps.
  • Maintain documentation of processes, audit outcomes, and code review results.

Required Experience

  • Hands-on experience with SAST (and optionally DAST).
  • Strong background in manual code review and code quality assessment.
  • Proficiency in Python scripting for automation.
  • Solid understanding of common security vulnerabilities and secure coding practices.
  • Ability to analyze code in multiple programming languages.
  • Familiarity with Agile and DevOps workflows.

Desirable Experience

  • Exposure to DAST, open-source audits, and secure software design.
  • Experience with audit frameworks and industry resources (OWASP, CVE, CWE, CVSS, NVD, EPSS, KEV Catalog, CWSS).
  • Background in software development or QA with secure SDLC practices.
  • Familiarity with microservices, cloud-native architectures, and security tools.

We Offer

  • Competitive salary and flexible work arrangements.
  • Opportunity to work in a dynamic, growing sector at the forefront of open-source software transparency and security
  • A collaborative, innovative team environment that values creativity and forward-thinking.
  • Comprehensive opportunities for personal and professional growth.

Embark on a journey with FossID, where your skills will shape the future of software compliance and security. We can’t wait to see the unique impact you will make!

APPLY NOW