We're looking for a deeply technical security engineer with experience embedding security into the product lifecycle. You'll help secure fast-moving engineering teams by reviewing code, modeling threats, integrating DevSecOps practices, and conducting targeted assessments.
Roles and Responsibilities
Experience in secure architecture review or threat modeling (STRIDE, LINDDUN, etc.)
Delivered developer training or workshops
Perform code reviews and source composition analysis (manual + tooling) across various stacks
Build and maintain threat models for features and system designs
Review Infrastructure-as-Code (IaC) for misconfigurations (Terraform, CloudFormation, etc.)
Assess and improve CI/CD pipeline security
Conduct penetration testing as part of the SDLC (targeted, not checklist)
Define and roll out secure coding practices and developer training
Assist with SAST/SCA/DAST tool selection and tuning
Create reusable security design patterns and hardening guides
Requirements
5+ years in application or product security roles
Strong experience with code review in at least one language: Java, Python, JS/Node, Go, etc.
Familiarity with modern SDLC practices and CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI)
Hands-on with IaC and container technologies (Docker, Kubernetes, Terraform, etc.)
Solid understanding of OWASP ASVS, Secure Coding Guidelines, CWE, etc.
Ability to communicate security issues to dev teams with context and empathy
Ready to Apply?
Join our team of cybersecurity experts and make a real impact.