appflame — Ukrainian product IT company that creates world-class products: Hily, Taimi, AdConnect, Mailkeeper, and more.
We are today: • 7 years, 500+ employees, offices in Kyiv, London, Limassol, and Warsaw. Ranked 5th among the 50 best employers in Ukraine (Forbes 2025) and won in the “Place for Growth” category. • Our apps Hily and Taimi are among the Top 5 dating apps in the U.S. with over 60 million users.
Our mission: Flame up the world with Ukrainian products. Our goal: Become a unicorn and turn Ukraine into a country where unicorns are born and thrive.
Role overview: You’ll focus on securing the SDLC, automating application security, developing anti-phishing initiatives, and building a strong security culture across all teams. You’ll work closely with Developers, DevOps, QA, and the Trust & Safety team to embed security throughout the development and delivery lifecycle.
You’ll also be the first security hire, with the opportunity to build a team and grow into a Head of Security role.
In this role, you will: * Build and implement Secure SDLC practices within the development process * Integrate SAST, DAST, SCA, and other security tools into CI/CD pipelines * Identify, analyze, and support the remediation of vulnerabilities in applications and dependencies * Automate basic anti-phishing mechanisms and security controls * Advise engineering teams on secure coding and security best practices * Deliver security training and improve team awareness * Participate in security monitoring and incident response * Support the implementation of asset and risk management practices
What we expect from you: * 2–3+ years of experience in Product Security / AppSec / DevSecOps * Experience with Secure SDLC or DevSecOps practices * Familiarity with SAST, DAST, SCA, or other security scanning tools * Experience working with CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.) * Hands-on experience using AI-driven security platforms to analyze vulnerabilities in code, dependencies, and cloud infrastructure * Good understanding of OWASP MAS and common web and mobile vulnerabilities * Experience building or improving risk management processes (risk assessment, SDLC integration, stakeholder visibility)
Nice to have: * Experience building AppSec / DevSecOps practices from scratch * Experience with threat modeling or architecture security reviews * Experience working with cloud platforms (AWS, GCP) * Experience with Kubernetes and container security * Participation in security incident response * Relevant security certifications
Your journey: message from the recruiter > interview with manager > test> final interview > job offer.
Why appflame? * Real Impact: Implement your ideas on a global scale with millions of users. * No Barriers: Access to best practices from Snapchat, Meta, Google, and Apple. * Growth Environment: We provide all resources to implement cutting-edge AI and automation. * Care: We don’t leave our people alone with problems—professional or personal.
We provide all conditions for your talents to be fully revealed. We are loyal to our people. Our loyalty doesn’t fade at the end of the working day. We do not leave our people alone with their problems: neither professional nor personal.
Join us and flame up the world!
We are against all types of discrimination, bullying, and stereotypes. We provide equal employment opportunities regardless of race, skin color, religion, gender, sexual orientation, gender identity, age, marital status, health status or any other characteristics.
