Match score not available

Cybersecurity Engineer, Product Security

unlimited holidays - extra holidays - extra parental leave - long remote period allowed
Remote: 
Hybrid
Contract: 
Experience: 
Mid-level (2-5 years)
Work from: 
Tartu (EE)

Offer summary

Qualifications:

Experience with threat modeling and security design reviews, Knowledge of common vulnerabilities like OWASP Top 10, Understanding of SDLC in Agile-like environments, Ability to provide clear guidance on remediation, Preferred background in product companies with emphasis on product security.

Key responsabilities:

  • Conduct security risk assessments during the SDLC
  • Manage and refine vulnerability management processes
  • Enhance external vulnerability management programs.
  • Provide technical guidance on secure coding practices
  • Support information security compliance processes
Bolt logo
Bolt Unicorn https://bolt.eu/
1001 - 5000 Employees
HQ: Tallinn
See more Bolt offers

Job description

<gh-intro>
<text>

We are looking for a Cybersecurity Engineer to join our Product Security team and support our product growth by addressing gaps in product vulnerability management. 

</text>
</gh-intro>

<gh-about-us>
<title>About us</title>

<text>

With over 200 million customers in 50+ countries, Bolt is one of the fastest-growing tech companies in Europe and Africa. And it's all thanks to our people.

 

We believe in creating an inclusive environment where everyone is welcome, regardless of race, colour, religion, gender identity, sexual orientation, age, or disability.

 

Our ultimate goal is to make cities for people, not cars, and we need your help to achieve this mission!

</text>

</gh-about-us>

<gh-role-detail>

<title>About the role</title>

<text>

As a Product Security Engineer, you will be responsible for ensuring we are following vulnerability management best practices and acting as a key point of contact for vulnerability identification and remediation efforts between penetration testers, bug bounty submissions, and engineering teams. 

 

You will be closely collaborating with key internal stakeholders to determine how to mitigate security vulnerabilities, providing guidance and raising awareness across different functions. 

</text>
</gh-role-detail>

<gh-responsibilities>

<title>Main tasks and responsibilities:</title>

<bulletpoints>

  • <point>Conducting security risk assessments early in the SDLC, ensuring security is embedded from the design stage by reviewing design documents and engaging with product managers</point>
  • <point>Managing and refining our vulnerability management processes to ensure faster and more efficient feedback loops between penetration testers, bug bounty submissions, and engineering teams and, reducing the resolution time of critical and high-severity vulnerabilities</point>
  • <point>Refine and enhance our external vulnerability management program (i.e., bug bounty program), validating submissions, and working with program managers to maximize its impact </point>
  • <point>Providing technical guidance to engineers and raising awareness about common secure coding practices to reduce recurring vulnerabilities</point>
  • <point>Participating in information security incident handling process</point>
  • <point>Support the information security compliance processes by ensuring vulnerability management practices align with compliance requirements (e.g., PCI DSS, ISO 27001)</point>

</bulletpoints>
</gh-responsibilities>

 

<gh-requirements>

<title>About you:</title>

<bulletpoints>

  • <point>You have experience with threat modeling, security design reviews, security architecture, pentesting, and vulnerability management</point>
  • <point>You have the ability to provide clear, practical guidance to engineering teams for remediation</point>
  • <point>You are knowledgeable about common vulnerabilities (such as those outlined in the OWASP Top 10)</point>
  • <point>You have a good understanding of the implementation of SDLC within Agile-like environments</point>
  • <point>You preferably have a background working on product companies with an emphasis in product security</point>

</bulletpoints>
<text>

Experience is great, but we also look for drive, intelligence, and integrity. So, even if you don’t tick every box, please consider applying if you feel you’re the kind of person described above!
</text>
</gh-requirements>

<gh-perks>

<title>Why you’ll love it here:</title>

<bulletpoints>

  • <point>Play a direct role in shaping the future of mobility.</point>
  • <point>Impact millions of customers and partners in 600+ cities across 50+ countries.</point>
  • <point>Work in fast-moving autonomous teams with some of the smartest people in the world. </point>
  • <point>Accelerate your professional growth with unique career opportunities.</point>
  • <point>Get a rewarding salary and stock option package that lets you focus on doing your best work.</point>
  • <point>Enjoy the flexibility of working in a hybrid mode with a minimum of 2 days in the office each week to foster strong connections and teamwork.</point>
  • <point>Take care of your physical and mental health with our wellness perks.</point>

</bulletpoints>
<text>*Some perks may differ depending on your location and role.</text>
</gh-perks>

#LI-Hybrid

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry :
Fintech: Finance + Technology
Spoken language(s):
English
Check out the description to know which languages are mandatory.

Other Skills

  • Collaboration
  • Analytical Thinking
  • Verbal Communication Skills

Cybersecurity Engineer Related jobs