Security Engineer - Product Security

Posting Type

Minimum qualifications:  

• Bachelor's degree in security, Computer Science, Information Systems, or related field. 
• Familiarity with common software vulnerabilities (ex: OWASP Top 10) and their remediations.  
• Excellent verbal and written communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders. 
• Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges. 
• Hybrid-working role. 

Preferred qualifications: 

• 1 year of experience in software engineering or product security. 
• Experience working in a SaaS environment operating on a global scale. 
• Hands-on experience performing secure code review and architecture design reviews. 
• Experience working with at least one SCA/SAST/DAST tool. 
• Experience working in .NET software development. 
• Experience with Azure. 
• Experience working with CI/CD (GitHub Actions preferably). 
• Experience working with Kubernetes and containers.

Job Overview

As a Security Engineer of the Application Security team in the Security department of Relativity, you will work with product teams, engineers, and architects at every stage of the SDLC to build a secure product. This is an opportunity to work in a security department focused on DevSecOps in a rapidly expanding legal tech company, where you'll be helping secure a dynamic web system built on top of containers, native cloud applications, and other modern technology stacks.

The Application Security team:

Specializes in secure code review and education on secure coding practices.

Coordinates and responds to penetration tests.

Reviews designs and prepares security requirements.

Designs and promotes secure ‘paved roads’ for engineers to follow.

Implements and manages security tooling and incorporating SAST, DAST, and SCA in CI/CD pipelines.

These things will be key to be successful in this role:

You are passionate about being a part of an international team in a security-focused environment within the Legal Tech industry.

You want to help empower engineers to build secure products.

You want to have a real impact on the security of the leading eDiscovery/Legal Tech product.

You enjoy cross-functional collaboration.

You are passionate about DevSecOps.

Job Description and Requirements

What are the core duties of this role? 

• Secure code review process, ensuring that all code is thoroughly analyzed for security vulnerabilities before deployment. 
• Review application designs and prepare comprehensive security requirements to ensure robust and secure software development practices. Design and promote secure development pathways ('paved roads') for engineers to follow, ensuring consistency and security across all projects. 
• Work with external partners and internal stakeholders to identify and remediate security issues discovered from penetration tests and security tooling. 
• Help manage the implementation and technical hygiene of security tooling, the creation of guidelines for enhancing automated code review, and integration of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) into Continuous Integration/Continuous Deployment (CI/CD) pipelines.

Relativity is committed to competitive, fair, and equitable compensation practices.

This position is eligible for total compensation which includes a competitive base salary, an annual performance bonus, and long-term incentives.

The expected salary range for this role is between following values:

120 000 and 180 000PLNThe final offered salary will be based on several factors, including but not limited to the candidate's depth of experience, skill set, qualifications, and internal pay equity. Hiring at the top end of the range would not be typical, to allow for future meaningful salary growth in this position.