TL;DR

Senior Product Security Engineer (AI): Taking primary ownership of product security posture for an open workflow orchestration platform with an accent on vulnerability management, secure SDLC integration, and incident response. Focus on implementing pragmatic security practices that scale with a fast-growing, open-source-driven SaaS platform.

Location: Remote-first. The team works remotely across Europe and the US. Visa sponsorship to Germany is possible. The company has offices in Berlin and London. Must be based in one of the following countries: Albania, Bulgaria, Bosnia, Croatia, Czech Republic, Estonia, Hungary, Kosovo, Latvia, Lithuania, Moldova, Montenegro, Poland, Romania, Serbia, Slovakia, Slovenia, Ukraine, Denmark, Finland, Norway, Sweden, Greece, Italy, Portugal, Spain, United Kingdom, Austria, Belgium, France, Germany, Ireland, Netherlands, United States.

Company

%hirify_global% is an open workflow orchestration platform built for the new era of AI, enabling technical teams to automate faster, smarter, and without limits with a mix of code and no-code.

What you will do

Own vulnerability management and disclosure processes, including the Vulnerability Disclosure Program (VDP) and GitHub Security Advisories (GHSA).
Evaluate, implement, and maintain security tooling across the SDLC (SAST, DAST, dependency and container scanning, SBOMs).
Lead coordination of security incidents from detection through resolution and communicate during security incidents.
Define and maintain security policies, manage relationships with security researchers, and help shape longer-term security strategy and roadmap.
Embed security into the software development lifecycle through threat modeling, design reviews, and advising engineering teams on secure coding practices.

Requirements

5+ years of experience in product security, application security, or a closely related role.
Hands-on experience with vulnerability management and disclosure workflows.
Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10).
Experience implementing and operating security tooling (SAST, DAST, dependency and container scanning).
Proven ability to write clear security documentation and communicate with both technical and non-technical audiences.
Experience engaging with security researchers or bug bounty programs.
English: B2 required (company language is English).

Nice to have

Experience securing SaaS platforms in cloud-native environments.
Familiarity with JavaScript/TypeScript and the Node.js ecosystem.
Experience working in high-growth or open-source-adjacent companies.
Knowledge of DevSecOps practices and CI/CD security integration.

Culture & Benefits

Competitive compensation including equity ownership.
Generous vacation time (30 days for Europe, 15 days for US) to ensure work/life balance.
Comprehensive health & wellness benefits tailored to local country norms (Europe) or multiple medical plans (US).
Future planning support with pension contributions (Europe) or a 401(k) retirement plan with a 4% employer match (US).
Annual €1K budget for career growth on courses, books, events, or coaching.
Remote-first team working across Europe with regular off-sites for team bonding.
Unlimited AI budget to boost productivity and creativity, plus $100/month to support open-source projects.