DevSecOps engineer at Ford ensuring secure software development and compliance with security standards. Collaborating with teams to embed security practices and assess vulnerabilities in software delivery.
About the role
- Security Engineer working with engineering teams to build secure products at Aircall. Focused on risk identification and management throughout the software development lifecycle.
Responsibilities
- Partner with engineering teams to review designs and implementation plans, identifying security risks early and recommending mitigations.
- Perform threat modeling for new features and major changes, helping teams document risks, assumptions, and security controls.
- Identify and help remediate common vulnerability classes across services and APIs (e.g., auth/authz, injection, data exposure, logic flaws).
- Triage and support remediation of vulnerabilities identified through SAST/DAST tools, internal testing, or third-party findings.
- Conduct security testing and validation, including targeted manual testing for high-risk areas.
- Help improve secure development practices by creating reusable guidance, checklists, and secure patterns for engineering teams.
- Contribute to security tooling and automation that improves coverage, reduces false positives, and streamlines security reviews.
- Assist with product security incidents by supporting investigation, impact analysis, and follow-up remediation.
- Communicate security risks clearly and pragmatically, helping teams prioritize effectively and ship safely.
- Document learnings and contribute to evolving product security processes and standards.
Requirements
- 2–5 years of experience in Product Security, Application Security, or software engineering with a strong security focus.
- Strong understanding of web application and API security fundamentals and common vulnerability classes (OWASP Top 10).
- Experience performing security reviews, threat modeling, or secure architecture assessments for software systems.
- Familiarity with security testing tools and practices (SAST/DAST, dependency scanning, fuzzing, manual testing).
- Comfort reading and reviewing production code in at least one language (e.g., Python, Go, Java, JavaScript/TypeScript).
- Exposure to automated or AI-assisted security tools or workflows, and interest in applying them to improve developer experience and security outcomes.
- Ability to work cross-functionally with engineering teams and communicate findings in a constructive, actionable way.
- Proven ability to drive remediation efforts and follow through on risk reduction outcomes.
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Security Officer responsible for ensuring safety and security at the Genesee Brewing Company. Monitoring premises, responding to emergencies, and providing visitor assistance during shifts.
Security Estimator creating estimates and proposals for security projects at LINX. Collaborating with engineering and sales teams for system design and client relationships.
Product Security Architect at Expedia designing secure architecture for services and APIs. Collaborating with teams to guide secure practices and integrate AI - driven solutions.
IT Security Officer overseeing information security for a specific IT sector at Desjardins. Collaborating with cross - sector teams and managing information security risks and vulnerabilities.
Associate, Information Security professional at Santander focusing on Vulnerability Management and network security exposure. Collaborating with teams to enhance security posture and manage technology risks.
IAM Security & Technology Governance person driving IAM technical program with cutting - edge technology to improve security posture at MUFG. Manage IAM requirements, standards, governance and solutions across global implementation.
Senior Analyst in Mastercard's newly created Vocalink Control Office supporting control testing across Security domains. Ensuring a strong control environment and identifying gaps for improvement.
Senior Analyst focusing on Information Security and Compliance at Cirque du Soleil. Engaging in threat analysis and improvement of security tools and processes, within a creative company culture.
Security Architect designing and implementing cybersecurity architectures for UK Defence projects. Collaborating with stakeholders to safeguard client data against cyber threats.