Startise This company has been verified by this domain -

Dhaka, Bangladesh

Job Title
Application Security Engineer
30000 - 40000 BDT Monthly
Mirpur DOHS, Bangladesh
Job Type
Permanent On-site
30 June, 2024

Company Description

Startise is a beacon of innovation and the dynamic parent company of WPDeveloper and many other subsidiaries. With a diverse portfolio of brands, we are committed to evolving and fostering excellence to help millions globally in their pursuit of growth and success across a wide range of ventures. 

We strongly believe ‘good for the business’ should also mean ‘good for the customers’ and our brands are enhancing the experiences of over 6 million users in unique ways across the web and beyond, leveraging the strengths of our wide and specialized portfolio.

  • Security
  • SQA


Startise is looking for an Application Security Engineer who has a deep personal interest in web application security and who can help us validate vulnerability reports and perform code-reviews on PHP and Javascript based applications. This is a crucial role to secure applications used by 6 million plus users globally. Most importantly, we're looking for a full-time team member who is an excellent communicator and who can grow with the rest of the team.



  • Proven experience as an application security engineer or similar role
  • A solid understanding of WordPress and its ecosystem is required
  • A solid understanding of core PHP & JS, OOP and MySQL is required
  • Strong understanding of Bash Scripting, Linux system administration, network security principles and protocols is required
  • A solid understanding of how browsers, the web and HTTP works
  • Hands-on experience with security testing tools like BurpSuite, OWASP ZAP, or Metasploit is required
  • Deep understanding of web application security concepts and common vulnerabilities (OWASP Top 10, CVSS Scoring, CVE) is required
  • Effective communication skills, with the ability to convey complex security concepts to technical and non-technical team members


Would be helpful:

  • Regular attendance in CTF competitions will help identify a good candidate
  • Active participation in bug bounty programs, demonstrating practical skills in identifying and resolving security vulnerabilities
  • Having industry certifications is a plus
  • Previous vulnerability research and findings, preferably CVE IDs assigned under your name
Job Responsibilities

Day-to-day tasks include:

  • Regularly perform security code reviews and penetration tests against PHP based applications (Mostly WordPress)
  • Perform black-box penetration tests on SaaS solutions (Laravel, NodeJS)
  • Review and analyze code for security vulnerabilities, including static and dynamic analysis
  • Validate vulnerability reports from renowned security vendors such as Patchstack, WordFence, etc
  • Collaborate with development teams to prioritize and remediate security issues
  • Monitor and respond to security incidents, including conducting root cause analysis
  • Perform functional and non-functional testing
  • Provide suggestions and recommendations for secure application design
  • Stay updated on the latest security threats, vulnerabilities, and industry best practices
Life at Startise