Application Security Engineer

Department: Engineering

Location: Stockholm

Employment Type: FullTime

TL;DR We are seeking an Application Security Engineer to champion security across our entire development lifecycle. You’ll play a pivotal role in reviewing code, designing secure features, and mentoring engineers, ensuring security is at the heart of everything we build. If you’re passionate about application security, thrive on close collaboration with developers, and want to do the work of your life, this is your opportunity

Why Lovable?

Lovable lets anyone and everyone build software with any language. From solopreneurs to Fortune 100 teams, millions of people use Lovable to transform raw ideas into real products - fast. We are at the forefront of a foundational shift in software creation, which means you have an unprecedented opportunity to change the way the digital world works. Lovable-built applications and websites are visited hundreds of millions of times a month, and our enterprise footprint is compounding fast. And we’re just getting started.

We’re a small, talent-dense team building a generation-defining company from Stockholm. We value extreme ownership, high velocity, and low-ego collaboration. We seek out people who care deeply, ship fast, and are eager to make a dent in the world.

What You’ll Bring

• 5+ years of experience in application security, securing cloud-native environments at product-focused tech companies, high-growth startups, or leading AI labs.

• Strong programming and engineering skills.

• Deep expertise in application security: secure code review, threat modeling, SAST/DAST, supply chain security, product patching, and vulnerability management.

• Strong background in securing engineering infrastructure: CI/CD pipelines, secrets management, service-to-service authentication, containerized workloads, and public cloud platforms.

• Hands-on experience collaborating with developers to design and implement security features and best practices.

• Passion for educating and mentoring engineers on secure coding, vulnerability remediation, and emerging threats.

• Systems mindset: comfortable reading and contributing to codebases, building security tooling, and integrating security into engineering workflows.

• Bonus: Experience building internal security tools or contributing to open-source security projects.
  

What You’ll Do

• Conduct secure code reviews, threat modeling, and architecture assessments to identify and mitigate vulnerabilities early.

• Work closely with engineering teams to design and implement security features, provide actionable feedback, and ensure security is embedded in product development.

• Lead security training, workshops, and 1:1 mentoring to upskill developers and foster a security-first culture.

• Integrate SAST/DAST and supply chain security tools into our CI/CD pipelines for continuous, automated protection.

• Detect, triage, and respond to application vulnerabilities and incidents, driving remediation and continuous improvement.

• Monitor and address emerging risks in AI infrastructure, LLM pipelines, and third-party dependencies.

• Secure the last piece of software.

Our Tech Stack

• Frontend: React and Typescript

• Backend: Golang and Rust

• Cloud: Cloudflare, Google Cloud, AWS, Modal, Terraform

• DevOps & Tooling: CI/CD pipelines, observability, infrastructure-as-code

And always exploring what’s next.

How to Apply

• Please submit your application in English—our working language at Lovable.

• We’re committed to fair and equal treatment for all candidates. If you’re interested, apply via our careers portal