Назад
5 дней назад

Senior Security Engineer

Формат работы
remote
Тип работы
fulltime
Грейд
senior
Английский
b2
Страна
UK

Мэтч & Сопровод

Покажет вашу совместимость и напишет письмо

Описание вакансии

Текст:
/

TL;DR

Senior Security Engineer (Application Security): Secure Prolific’s applications end-to-end by performing hands-on web/API security testing, code review, and threat modelling with an accent on OWASP Top 10 attack paths and CI/CD security automation. Focus on building and tuning SAST/SCA/DAST/secret scanning, improving detection coverage, and staying ahead of emerging threats while embedding secure development practices across the SDLC.

Location: London, United Kingdom; Remote

Company

Prolific builds a human data infrastructure platform used by research institutions and AI labs.

What you will do

  • Act as the technical authority for application security, working hands-on with engineering teams.
  • Find and fix vulnerabilities through security testing, code review, and threat modelling of new features.
  • Build and tune security tooling and automation to keep the platform secure as it scales.
  • Implement and maintain CI/CD security controls including SAST, SCA, DAST, and secret scanning.
  • Run penetration tests and improve detection coverage for emerging threats.
  • Collaborate cross-functionally with product engineering, platform, data, and TechOps teams.

Requirements

  • Several years of experience in application/product security with a background in software engineering.
  • Strong knowledge of OWASP Top 10 (Web & API) and modern attack paths (e.g., auth flaws, SSRF, injection, business logic abuse, supply chain).
  • Hands-on security testing experience, especially with Burp Suite, across web apps and APIs.
  • Experience implementing and tuning SAST, SCA, DAST, and secret scanning in CI/CD.
  • Practical threat modelling experience, including leading lightweight sessions.
  • Python experience for security tooling, automation, or custom detection.

Nice to have

  • Experience with Django, Vue.js, MongoDB, or GCP.
  • Security champion experience or bug bounty programme experience.
  • Supply chain security (SCA, SBOMs, dependency review) and IaC security (e.g., Terraform, policy-as-code).
  • Hands-on certifications such as OSCP, GWAPT, or BSCP.

Culture & Benefits

  • Remote working option alongside on-site collaboration in London.
  • Mission-driven work focused on high-quality human data for AI development.
  • Competitive salary and benefits (exact details not specified).
  • Builder mindset encouraged through automation and practical security improvements.

Hiring process

  • Interviews with engineering leadership and cross-functional stakeholders.
  • Technical evaluation focused on application security, testing, and security automation.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →