Senior Product Security Engineer

*This position is fully remote only for employment in Bulgaria. However, people can also work in one of our offices in Sofia or Varna if they prefer to.

About DataArt

DataArt is a global software engineering firm and a trusted technology partner for market leaders and visionaries. Our world-class team designs and engineers data-driven, cloud-native solutions to deliver immediate and enduring business value.

We promote a culture of radical respect, prioritizing your personal well-being as much as your expertise. We stand firmly against prejudice and inequality, valuing each of our employees equally.

We respect the autonomy of others before all else, offering remote, onsite, and hybrid work options. Our Learning and development centers, R&D labs, and mentorship programs encourage professional growth.

Our long-term approach to collaboration with clients and colleagues alike focuses on building partnerships that extend beyond one-off projects. We provide the ability to switch between projects and technology stacks, creating opportunities for exploration through our learning and networking systems to advance your career.

Position Overview

As a Product Security Engineer, you will be responsible for ensuring that company & customer data is secure at all times. You will be building & maintaining modern security tools, controls & services. We’re a small team, so the role is a hybrid of engineering work along with vulnerability and risk management, with a focus on automation and collaboration with our wider Technology team to drive secure development processes within our software development life cycle.

Responsibilities

• Contribute to the development of the product security roadmap and strategy
• Boost, build, and innovate upon our security tools in our DevOps pipeline/processes
• Educate and empower those around you on security topics, helping to increase understanding of security issues and how to prioritize and remediate them
• Design preventative and/or detective controls for specific security issues alongside our engineering teams within an agile environment
• Drive security testing (individually, with third parties, and by encouraging adoption within engineering teams) of our products using both structured and explorative approaches, helping to identify vulnerabilities earlier in our product lifecycle
• Provide SME support during incidents and crisis management meetings

Requirements

• Great communication skills, both verbal and written
• Strong knowledge of application security best practices (such as OWASP)
• Familiarity with cloud infrastructure (such as AWS, Azure, or Google Cloud)
• Strong grasp of infrastructure-as-code and configuration tools (such as Terraform or AWS CloudFormation) for the purpose of deploying security tooling
• Knowledge of extracting metrics and events from security tooling
• Experience working with and securing microservices and API’s
• Advanced understanding of secure coding principles, the Secure Development Lifecycle, and how to drive acceptance and integration into engineering teams
• Experience implementing and managing SAST and/or DAST within a CI/CD environment
• Understanding of security tools such as WAFs and vulnerability scanning tools
• Understanding of cryptography, authentication, and authorization

What We Offer

• Unique corporate culture – no micromanagement, friendly atmosphere, freedom, and mutual respect
• Flexible schedule – ability to change projects, to work from home, and to try yourself in different roles
• Professional Development Map – a comprehensive map of your professional development within DataArt
• We hire people not for a project, but for the company. If the project (or your work in it) is over, you go to another project or to a paid “Idle”.
• Social benefits – additional health insurance, life insurance, sports card, etc.
• Opportunity to work from another DataArt office in a different city or country (temporarily or permanently)
• Free English courses
• Cozy office with a great atmosphere
• Snacks, drinks, and fruits are always available

^{reference number: SEE00030}