Responsibilities
- Own vulnerability management end-to-end, including triage, prioritization, tracking, and remediation.
- Act as the first responder on security topics, including bug bounty programs and penetration testing.
- Maintain and evolve application security tooling and integrate security checks into CI/CD pipelines.
- Partner with engineering teams to embed security guardrails into development workflows.
- Drive adoption of secure coding standards and OWASP best practices.
- Support and evolve the ISO 27001 compliance program.
- Run and evolve annual security awareness training for developers.
- Track and communicate security risks to engineering leadership.
- Evaluate and adopt new security tools and practices.
Requirements
- 6+ years of software engineering or application security experience with a strong coding background.
- Strong TypeScript/Node.js experience; knowledge of Ruby on Rails, React, Kubernetes, and AWS.
- Deep understanding of application security concepts, including OWASP Top 10.
- Hands-on experience with application security tooling such as SAST, DAST, and SCA.
- Experience with bug bounty programs and penetration testing engagements.
- Familiarity with ISO 27001 or similar compliance frameworks.
- Experience integrating security practices into CI/CD pipelines.
- Ability to drive security initiatives from problem identification to implementation.
- Experience with AI-assisted development tools and understanding of their security implications.
- Strong communication skills for explaining complex security topics.
Benefits
- Competitive salary with attractive benefits.
- Flexible working hours.
- Access to a yearly learning budget for conferences and training.
- Participation in international company retreats.
- Yearly refresh of the IT equipment budget for a home working setup.
- Collaboration with an exceptional team.
Tech Stack
- AWS
- Kubernetes
- Node.js
- React
- Ruby on Rails
- TypeScript
