Key skills
DjangoGoogle Cloud PlatformJavaScriptMongoDBPythonSDLCTerraformVue.jsVueGCPGoogle CloudCI/CDCollaborationOWASP
About this role
Role Overview
- You’ll help secure Prolific’s applications end-to-end, from hands-on testing and code review to threat modelling and CI/CD security.
- You’ll partner closely with engineers to identify and fix vulnerabilities, build and tune security tooling, and embed secure development practices across the SDLC.
- This includes running penetration tests, improving detection coverage, and staying ahead of emerging threats to continuously strengthen our security posture.
Requirements
- Several years in application/product security and a background in software engineering
- Strong knowledge of OWASP Top 10 (Web & API) and modern attack paths (e.g. auth flaws, SSRF, injection, business logic abuse, supply chain)
- Experience working with complex, large-scale systems and modern architectures
- Hands-on security testing experience (especially Burp Suite) across web apps and APIs
- Python for security tooling, automation, or custom detection (Django a plus)
- Experience implementing and tuning SAST, SCA, DAST, and secret scanning in CI/CD
- Practical threat modelling experience, including leading lightweight sessions
- Strong collaboration skills, able to clearly explain issues and drive remediation
- Builder mindset, you automate wherever possible
- Experience with Django, Vue.js, MongoDB, GCP
- Security champions or bug bounty programmes
- Supply chain security (SCA, SBOMs, dependency review)
- IaC security (e.g. Terraform, policy-as-code)
- Hands-on certifications (OSCP, GWAPT, BSCP)
- Experience in scaling environments building out security practices
Tech Stack
- Django
- Google Cloud Platform
- JavaScript
- MongoDB
- Python
- SDLC
- Terraform
- Vue.js
Benefits
- Competitive salary
- Benefits, perks, and compensation extras