AppSec - Vulnerability Management Engineer

Company

Trendyol

Date Posted

23-11-2025

Location

Istanbul, Istanbul, Turkey

Apply Now Visa Sponsorship History

ABOUT THE TEAM

We’re shaping the future of financial technology at Trendyol.
As Trendyol’s technology teams, we’re not only building for today we’re designing the financial experiences of tomorrow. From payment infrastructure and digital wallets to smart credit systems and personalized financial services, we create solutions that empower millions of users across our ecosystem.
With Trendyol Pay, we enable fast, secure, and seamless payment journeys. Through Trendyol Finance, we develop inclusive and accessible products that simplify financial decisions.

We are united by a shared purpose:To create a positive impact in our ecosystem by enabling commerce through technology

About the Role
As an Application Security Engineer, you’ll work closely with Trendyol’s engineering teams to enhance application security across our platforms. You’ll perform web and mobile security testing, validate fixes through code reviews, and provide expert guidance on secure coding practices. In this role, you’ll support our bug bounty program, develop custom security tools, and help drive root-cause analysis and remediation. We’re looking for a collaborative, open-minded teammate who is eager to improve, communicate clearly, and promote security best practices throughout the organization.
Your Main Responsibilities:
    • Ability to work collaboratively in a team environment and is a friendly, humble, responsible teammate.
    • Be a subject matter expert and guidance to Trendyol Engineering for secure coding practices, application security.
    • Experience in performing web security testing on web applications and mobile applications.
    • Ensuring to confirm of the fix of the vulnerability by making manual code review on the relevant commit.
    • Experience identifying and protecting against web application and web-service security vulnerabilities including those found in the OWASP Top 10.
    • Experience in fixing vulnerabilities, documenting and remediation guidance for discovered vulnerabilities.
    • Developing custom security tools and security rules(e.g. Semgrep / Nuclei)
    • Promoting security best practices among developers.
    • Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions.
    • Managing Bug Bounty Platform.
Qualities We Are Looking For:
    • Experience with multiple programming/scripting languages (such as, Java, Golang, Python etc.)
    • Having excellent communication skills.
    • Experience with vulnerability management and enterprise remediation efforts.
    • Being an Agile minded team player.
    • Eagerness on self-improvement, open-minded, future-oriented.
    • English language skills for reading technical documentation and to fix the vulnerabilities with international developers.
    • Professional certification (e.g. eWPTeWPTXv2OSWEeMAPTGWAPT) preferred.
    • Familiarity with front-end and back-end web application frameworks (i.e. Spring, Gin, React, etc).
    • Bonus points for community contributions like public CVEs, bug bounty recognition, blogs, etc.
What We Offer
A hybrid working model with flexibility — a schedule that helps you find the right balance between flexibility and team bonding, including work-from-abroad opportunities and a summer working model.
A customizable FlexBenefits budget — Adjust your daily meal allowance, choose your health insurance package (and extend it to your spouse or children), and pick from additional benefits like fuel support or Trendyol shopping credits.
Comprehensive wellbeing support — Take advantage of our extended health package, which includes annual mini health screenings, access to location-based in-house doctors, psychologist and dietitian support, and HPV vaccination coverage.
Personalized training allowance and learning opportunities — Use your annual budget for any training or conference of your choice, explore our Learning Management System (LMS) anytime, and join in-person learning sessions offered throughout the year.
Responsibility from day one — Take full ownership from the start in a culture where every voice is heard and valued.
A diverse, international team — Collaborate with global peers across our offices in Berlin, Amsterdam, Dubai, and beyond, in a startup-spirited and collaborative environment.
Opportunities to grow with the best — Tackle meaningful challenges, develop through hands-on experience, and grow with the support of expert guidance and global mentoring.
Meaningful connections beyond tasks — Be part of team rituals, events, and social activities that help us stay connected and inspired.


Take the Next Step
If this role excites you, apply now and let’s take the next step together.
Want to get to know the team better first? Explore our Career WebsiteLinkedIn, or YouTube to learn more about #LifeatTrendyol and how we work.