Senior Security Engineer

Employment type: employment relationship

Working hours: full-time, flexible working hours

Seniority level: senior

Recruitment process

1. HR interview (60 minutes), 2. Trial task (mini project), 3. Professional interview (45-60 minutes)

We are expanding our security engineering team and looking for a Senior Security Engineer to join us. You will be part of a small, high-performing team that values collaboration, learning, and impact.

What you’ll do

• Perform secure code reviews (white-box testing) and support developers in writing secure applications.

• Identify, analyze, and mitigate common vulnerabilities (e.g., OWASP Top 10).

• Collaborate with engineering teams to improve secure coding practices.

• Drive automation, introduce new tools, and contribute to process improvements.

• Support security integration in our CI/CD pipelines and microservice-based architecture.

• Work on a high-availability, global product where security is critical.

Tech stack you’ll work with

• Security/Testing: BurpSuite

• Infrastructure: Docker, Microservices, Jenkins

• Collaboration: Atlassian Jira, Bitbucket, Confluence

• Version Control: Git

• IDE: JetBrains suite

• Languages: Typescript/Javascript, NodeJS, PHP, Java/Kotlin, Rust, Python

Things to know

• We do have legacy code and a complex environment, so there are challenges.

• Workload may spike occasionally, requiring prioritization between new tasks and bug fixes.

• Expect occasional out-of-hours meetings (on average less than once per week).

What do we offer:

• Professional development within an international, technology- and people-focused company

• Quiet & convenient work environment with the opportunity to work from home for work-life balance

• Being part of the day-to-day development of a self-developed, high-traffic streaming service platform

• A combination of a big company and a startup environment, offering the advantages of both: stability and flexibility

• Small teams where all team members are actively involved in the decision-making process

• Trainings, self-learning opportunities (Udemy, LinkedinLearning)

• All You Can Move sport pass or Medicare private health insurance, team building budget and quarterly company events

• We trust each other and expect independence, but don’t micromanage

Must-have qualifications

• 3+ years of professional experience in secure code review, application security, or software development with a strong focus on secure code practices.

• Solid understanding of common vulnerabilities and secure coding standards.

• Proficiency in Typescript/Javascript and/or other major web programming languages (PHP, Java/Kotlin, etc.).

• English proficiency (B2) – ability to communicate effectively with international colleagues.

Nice-to-have qualifications

• Experience with DevSecOps, security tooling (SAST, DAST), and CI/CD integration.

• Familiarity with Docker and microservices architectures.

• Professional certifications such as OSWA, OSWE, CSSLP, BSCP, CEH, OSCP or equivalent.

• Knowledge of additional programming languages (Rust, Python) is a plus.