Product Security Engineer

DataWalk is a high-tech software product company that brings the next level of technology to the world through a patent-based hybrid graph analytical platform. Our system is used by US Departments, Intelligence Agencies, and top Fortune500 companies to combat money laundering, fraud, human trafficking, terrorism or organized crime. If you are interested in making the world a safer place and leverage a unique business opportunity, please read further.

We are looking for an experienced Product Security Engineer to join our Product Engineering Team.

As a key player in securing our platform, you will work closely with our product engineering teams to identify and resolve vulnerabilities in our product. Your expertise in using security scanners and your deep knowledge of authentication protocols will be essential. A crucial part of your role will be to embed security throughout our software development lifecycle (SDLC) to reduce security debts and ensure we build secure products from the ground up. Your expertise will be crucial in ensuring our product remains secure while being validated by demanding clients. This is a chance to have a direct and significant impact on our product's security posture and influence our security culture.

Responsibilities:

• Implementation and improvement of a Secure Software Development Lifecycle (SSDLC), integrating security practices into every stage of development.

• Manage and operate security scanning tools (SCA, SAST, DAST, etc.) to proactively find and address vulnerabilities.

• Conduct security reviews of new features, products, and infrastructure.

• Collaborate with engineering teams to guide them on remediation and secure coding practices.

• Serve as a security expert for clients, communicating our security measures and addressing their concerns.

• Investigate and respond to security incidents and perform root cause analysis.

• Stay updated on the latest security trends and threats to continuously improve our security defenses.

Requirements:

• Proven experience as a Product Security Engineer or a similar role focused on application security. Leadership experience is highly welcome.

• Strong, hands-on experience with security scanning tools like SCA, SAST, and DAST.

• Experience implementing and maturing a Secure SDLC.

• Understanding Java and Python code is required.

• Familiarity with Kubernetes and working in a containerized environment.

• Expertise in authentication and authorization protocols, including Kerberos, SAML, OAuth, and OIDC.

• A solid understanding of common web application vulnerabilities (e.g., OWASP Top 10).

• Excellent communication and interpersonal skills, with the ability to clearly explain complex security concepts to both technical and non-technical audiences, including clients.

• Fluent English and Polish.

Nice to have:

• Experience with cloud security (AWS, Azure, or GCP).

• Experience with threat modeling methodologies (e.g., STRIDE).

• Knowledge of CIS Benchmarks and other security best practices.

• Certifications such as OSCP, CEH, etc.

• Experience in performing penetration tests against web applications.

We offer:

• Direct impact on the global expansion of the fast growing investigative analytics company with global ambitions.

• A competitive salary and an attractive package of benefits (private healthcare, life insurance, multisport cards, training).

• Growth opportunities in a dedicated and passionate team of professionals.

• A challenging and inspiring environment.

• Work remotely in a flexible, independent work environment.