Назад
Company hidden
5 дней назад

Product Security Engineer II (Cybersecurity)

Формат работы
hybrid
Тип работы
fulltime
Грейд
middle
Английский
b2
Страна
Netherlands
Вакансия из списка Hirify.GlobalВакансия из Hirify RU Global, списка компаний с восточно-европейскими корнями
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Product Security Engineer II (Cybersecurity): Building and maintaining security tooling and automation to establish secure-by-default patterns for a global trade platform with an accent on developer enablement and vulnerability management. Focus on designing guardrails, conducting threat modeling, and partnering with engineering teams to identify and mitigate security risks across the software development lifecycle.

Location: Must be based in Amsterdam, Netherlands (Hybrid: 3 days/week in office)

Company

hirify.global is a technology-driven logistics company shaping the future of global trade by making commerce easy and accessible for businesses of all sizes.

What you will do

  • Build guardrails and AI-accelerated patterns to ensure secure-by-default development.
  • Contribute to threat modeling, design reviews, and code reviews to balance risk and velocity.
  • Triage, reproduce, and validate bug bounty submissions and internal security reports.
  • Partner with development teams to drive remediation and track security issues.
  • Develop and maintain security tooling, automation, and developer documentation.
  • Respond to emerging threats and stay current on web and cloud security trends.

Requirements

  • 2–5 years of experience in product/application security or software development with a security focus.
  • Strong grasp of web application security principles and common attack vectors like OWASP Top 10.
  • Proficiency with application testing tools such as Burp Suite or OWASP ZAP.
  • Working knowledge of at least one modern programming language (Ruby, Java/Kotlin, TypeScript/JavaScript, or Python).
  • Working knowledge of at least one major cloud provider (AWS, GCP, or Azure).
  • Hands-on experience with SAST tools like Semgrep or Snyk.
  • Must be able to work from the Amsterdam office 3 times per week.

Nice to have

  • Hands-on experience with bug bounty platforms.
  • Experience with cloud infrastructure security and container technologies.
  • Participation in CTF events or open-source security projects.
  • Familiarity with threat modeling frameworks and secure SDLC best practices.

Culture & Benefits

  • Collective health insurance plan with premiums fully paid by the company.
  • Defined pension contribution scheme and equity program for all team members.
  • 25 working days of vacation per year.
  • Daily catered lunches, breakfast, and snacks provided in the office.
  • Parental leave program for mothers and partners.
  • Employee Assistance Program for household members.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →