Security Engineer (Node.js / GCP)
Location: 100% Remote
Employment Type: B2B
100% FTE
About the Project
We are seeking an experienced Product Security Engineer for a dynamic technology company specializing in advanced digital systems. This is a role for a hands-on practitioner who can actively secure real-world cloud systems, write secure code, and take full ownership of the security landscape throughout the product lifecycle.
Key Responsibilities
Practical Penetration Testing: Conducting tests on Node.js/TypeScript applications, APIs, and iOS/Android platforms using tools such as Burp Suite.
Vulnerability Remediation: Identifying and fixing vulnerabilities, including authorization bypass, injection, and deserialization flaws.
Secure API Standards: Defining and implementing standards for JWT/OAuth, TLS/mTLS, validation, rate limiting, and CORS.
Infrastructure Hardening: Securing and hardening Kubernetes/GCP environments, Postgres databases, and Redis/BullMQ.
Secure SDLC: Creating and improving Secure SDLC practices, including threat modeling, code reviews, and integrating SAST/DAST into CI/CD pipelines.
Monitoring & Incident Response: Implementing automated monitoring using eBPF and Falco, and supporting incident response efforts.
Compliance & Standards: Collaborating on initiatives related to GDPR, ISO 27001, and SOC 2.
Software Engineering: Writing clean, testable, and secure code that is easy to maintain across all products.
Requirements
Hands-on Experience: Proven track record of securing applications and cloud environments in real-world systems.
Technical Stack: Deep expertise in securing Node.js and TypeScript backends.
Cloud & Orchestration: High level of comfort working with Google Cloud Platform (GCP) and Kubernetes.
Security Standards: Extensive knowledge of OWASP API & Mobile Top 10.
Language Skills: English proficiency at a B2/C1 level for effective communication in a professional environment.
Mindset: Ability to work independently, identify problems early, and take full ownership without being pushed.
Code Quality: A commitment to writing code that is clean, maintainable, and robust.