Senior Penetration Testing Analyst collaborating with DoD and other teams on cybersecurity solutions. Conducting penetration tests and assessments to enhance security across various environments.
About the role
- Senior Security Engineer managing application and product security at Preply. Collaborating closely with engineering teams to enhance security across all stages of development.
Responsibilities
- Own application and product security, partnering closely with engineering teams to improve security outcomes across the full SDLC
- Act as a strong technical voice in how we design, build, ship, and operate secure systems, driving initiatives end-to-end through influence, collaboration, and hands-on execution
- Work hands-on with our core backend stack (Python, Django), reading and writing code, contributing improvements, and building automation to scale security with product engineering teams to embed security into planning, design, and delivery, without slowing teams down
- Participate in architecture discussions and design reviews to identify risk early and propose pragmatic mitigations
- Lead and facilitate threat modeling for new features and significant changes, and translate results into prioritized engineering work
- Improve the secure SDLC end-to-end: requirements, secure design, implementation guidance, testing, release, and operational readiness
- Build “paved paths” and guardrails that make secure choices the default (libraries, patterns, templates, CI checks)
- Mature code and application security tooling, including selection, rollout, and adoption: SAST, SCA (We now use Snyk), secret scanning, and relevant DAST/API testing where it adds signal
- Integrate findings into developer workflows with clear ownership, SLAs, and low-friction remediation
- Proactively discover security issues through code review support, automation, security testing, and targeted assessments
- Improve vulnerability management for application and product security findings: triage, prioritization, remediation, verification, and trend reporting
- Create and deliver training and enablement for engineers (secure coding, common pitfalls, new patterns), and help grow security champions across teams
- Partner with GRC to ensure security requirements and controls are feasible, well understood, and evidenced through real engineering practice
- Lead engineering wide initiatives, managing stakeholders and aligning with business to deliver high impact results
Requirements
- Strong experience in application and product security in modern web environments, with a track record of improving security outcomes across the SDLC
- Strong coding ability and comfort working in a Python/Django codebase (reading, writing, reviewing, and proposing improvements)
- Demonstrated experience influencing engineering teams through design reviews, threat modeling, and practical guidance
- Strong understanding of common web and API security risks (OWASP Top 10, auth and session risks, SSRF, injection, access control issues, secrets exposure, unsafe deserialization, etc.) and how they show up in real systems
- Experience selecting, introducing, and scaling security tooling in CI/CD (SAST, SCA, secret scanning, and related controls), including tuning to reduce noise and improve developer adoption
- Ability to turn findings into action: clear severity, ownership, prioritization, and verification, with an emphasis on automation and repeatability
- Strong communication skills and the ability to collaborate across Product Engineering, Platform Engineering, SRE, Data teams, and GRC
- Business-oriented mindset and comfort making cost-benefit tradeoffs
- Willingness to participate in on-call rotations and partner effectively with SRE during incidents
Benefits
- A generous monthly allowance for lessons on Preply.com
- Learning & Development budget and time off for your self-development
- A competitive financial package with equity and leave allowance
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Senior Cybersecurity Documentation Specialist managing Risk Management Framework initiatives for Leidos. Supporting cybersecurity documentation and compliance activities across departments with a focus on national security.
Security Engineer role at Contour Software focused on IT administration and security operations. Ensuring tools and systems are secure and aligned with best practices across the organization.
First Vice President driving Axos Bank's information security strategy and leading a high - performing team. Architecting solutions and leading technical initiatives within a fast - paced environment.
Mid to Senior Data Engineer joining CrowdStrike's Cloud Identity & Perimeter team. Focus on developing and maintaining complex data pipelines and security analytics at scale.
Security Business Analyst engaging in requirements gathering, risk assessments, and stakeholder liaison. Supporting measurable security outcomes with comprehensive documentation in a hybrid work setup.
Cybersecurity Assessor evaluating enterprise systems for vulnerabilities and compliance. Engaging in assessments and reporting within a hybrid work structure based in Brooklyn Heights, NY.
Senior Software Engineer developing engaging gamified learning experiences for cybersecurity awareness. Driving technical leadership and product ownership in a rapidly growing team.
Cyber Security Engineer providing cybersecurity support for SCADA, OT networks and industrial control systems at Vestas. Collaborating with cross - functional teams to ensure secure operations in offshore wind farms.
Senior Consultant in IT Security guiding clients through IT projects and security strategies. Analyzing vulnerabilities and leading project tasks while ensuring quality and timely delivery.