Security Engineer

Readable role content extracted into sections for faster review.

Partner with product teams to design and review features with security built in from the start.
Identify and mitigate vulnerabilities using white-box (code review, architecture analysis) and black-box (penetration testing, fuzzing) techniques.
Proactively find security flaws in applications, APIs, and infrastructure, and help teams remediate them quickly.
Introduce pragmatic security tooling and automation to strengthen defences without slowing down delivery.
Champion secure coding practices and raise security awareness across the engineering organisation, including collaborating on incident response when needed.

Track record of finding and remediating application security vulnerabilities, ideally demonstrated through in-depth security research, penetration testing, or red teaming.
Hands-on experience with white-box and black-box testing techniques and tools.
Familiarity with secure software development in modern web applications (React, Go, TypeScript, Postgres, or similar stacks).
Comfortable embedding within product teams and influencing design and implementation decisions.
Experience with cloud security in Google Cloud Platform (GCP Security Command Center is a plus) and a pragmatic approach – knowing where to focus for maximum risk reduction without slowing down delivery.