Мэтч & Сопровод
Покажет вашу совместимость и напишет письмо
Описание вакансии
TL;DR
Senior Security Engineer (Application Security): Secure Prolific’s applications end-to-end by performing hands-on web/API security testing, code review, and threat modelling with an accent on OWASP Top 10 attack paths and CI/CD security automation. Focus on building and tuning SAST/SCA/DAST/secret scanning, improving detection coverage, and staying ahead of emerging threats while embedding secure development practices across the SDLC.
Location: London, United Kingdom; Remote
Company
Prolific builds a human data infrastructure platform used by research institutions and AI labs.
What you will do
- Act as the technical authority for application security, working hands-on with engineering teams.
- Find and fix vulnerabilities through security testing, code review, and threat modelling of new features.
- Build and tune security tooling and automation to keep the platform secure as it scales.
- Implement and maintain CI/CD security controls including SAST, SCA, DAST, and secret scanning.
- Run penetration tests and improve detection coverage for emerging threats.
- Collaborate cross-functionally with product engineering, platform, data, and TechOps teams.
Requirements
- Several years of experience in application/product security with a background in software engineering.
- Strong knowledge of OWASP Top 10 (Web & API) and modern attack paths (e.g., auth flaws, SSRF, injection, business logic abuse, supply chain).
- Hands-on security testing experience, especially with Burp Suite, across web apps and APIs.
- Experience implementing and tuning SAST, SCA, DAST, and secret scanning in CI/CD.
- Practical threat modelling experience, including leading lightweight sessions.
- Python experience for security tooling, automation, or custom detection.
Nice to have
- Experience with Django, Vue.js, MongoDB, or GCP.
- Security champion experience or bug bounty programme experience.
- Supply chain security (SCA, SBOMs, dependency review) and IaC security (e.g., Terraform, policy-as-code).
- Hands-on certifications such as OSCP, GWAPT, or BSCP.
Culture & Benefits
- Remote working option alongside on-site collaboration in London.
- Mission-driven work focused on high-quality human data for AI development.
- Competitive salary and benefits (exact details not specified).
- Builder mindset encouraged through automation and practical security improvements.
Hiring process
- Interviews with engineering leadership and cross-functional stakeholders.
- Technical evaluation focused on application security, testing, and security automation.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →