Senior Security Engineer managing application and product security at Preply. Collaborating closely with engineering teams to enhance security across all stages of development.
Responsibilities
Own application and product security, partnering closely with engineering teams to improve security outcomes across the full SDLC
Act as a strong technical voice in how we design, build, ship, and operate secure systems, driving initiatives end-to-end through influence, collaboration, and hands-on execution
Work hands-on with our core backend stack (Python, Django), reading and writing code, contributing improvements, and building automation to scale security with product engineering teams, embedding security into planning, design, and delivery without slowing teams down
Participate in architecture discussions and design reviews to identify risk early and propose pragmatic mitigations
Lead and facilitate threat modeling for new features and significant changes, and translate results into prioritized engineering work
Improve the secure SDLC end-to-end: requirements, secure design, implementation guidance, testing, release, and operational readiness
Build “paved paths” and guardrails that make secure choices the default (libraries, patterns, templates, CI checks)
Mature code and application security tooling, including selection, rollout, and adoption: SAST, SCA (we now use Snyk), secret scanning, and relevant DAST/API testing where it adds signal
Integrate findings into developer workflows with clear ownership, SLAs, and low-friction remediation
Proactively discover security issues through code review support, automation, security testing, and targeted assessments
Improve vulnerability management for application and product security findings: triage, prioritization, remediation, verification, and trend reporting
Create and deliver training and enablement for engineers (secure coding, common pitfalls, new patterns), and help grow security champions across teams
Partner with GRC to ensure security requirements and controls are feasible, well understood, and evidenced through real engineering practice
Lead engineering-wide initiatives, managing stakeholders and aligning with the business to deliver high-impact results
Requirements
Strong experience in application and product security in modern web environments, with a track record of improving security outcomes across the SDLC
Strong coding ability and comfort working in a Python/Django codebase (reading, writing, reviewing, and proposing improvements)
Demonstrated experience influencing engineering teams through design reviews, threat modeling, and practical guidance
Strong understanding of common web and API security risks (OWASP Top 10, auth and session risks, SSRF, injection, access control issues, secrets exposure, unsafe deserialization, etc.) and how they show up in real systems
Experience selecting, introducing, and scaling security tooling in CI/CD (SAST, SCA, secret scanning, and related controls), including tuning to reduce noise and improve developer adoption
Ability to turn findings into action: clear severity, ownership, prioritization, and verification, with an emphasis on automation and repeatability
Strong communication skills and the ability to collaborate across Product Engineering, Platform Engineering, SRE, Data teams, and GRC
Business-oriented mindset and comfort making cost-benefit tradeoffs
Willingness to participate in on-call rotations and partner effectively with SRE during incidents
Benefits
A generous monthly allowance for lessons on Preply.com
Learning & Development budget and time off for your self-development
A competitive financial package with equity and leave allowance
Senior Penetration Tester working on TIBER and Red Team assignments in high-security sectors. Collaborate with experts to deliver comprehensive security assessments and enhance organizational security.
Senior Security Delivery Engineer safeguarding digital infrastructure at nbn by embedding security into CI/CD pipelines. Collaborating within DevSecOps teams to ensure resilient platforms.
Senior Cloud Security Engineer at Semperis focusing on preventative security and cloud architecture. Collaborating with teams to enhance security around cloud environments and regulatory requirements.
Cybersecurity Shift Lead at PwC focusing on overseeing cybersecurity operations for clients. Leading teams and ensuring operational excellence during shifts across cybersecurity towers.
Manager overseeing Identity and Access Management services at PwC. Collaborating with stakeholders to drive cyber resilience and compliance in complex environments.
Product Manager driving secure communications solutions in a highly regulated environment. Collaborating with cross-functional teams to deliver product lifecycle from planning to field adoption.
Director of Physical Security managing comprehensive corporate security strategies for a defense tech company. Leading physical security operations, ensuring safety across facilities and collaboration with international defense bodies.
Director of Physical Security building security function for Swarmer, a tech company developing autonomous drone software. Overseeing security measures and fostering a proactive security culture.
OT Cybersecurity Engineer tasked with maintaining security for Operational Technology environments. Evaluating incident response, monitoring solutions, and ensuring compliance in cybersecurity frameworks from SBM Offshore in Brazil.
Occupational Safety Technician ensuring safety compliance in Brazil's leading sanitation company. Focused on operational safety, incident investigations, and team training.