Security Engineer in Product Security

Описание вакансии

JetBrains is a well-known international software development company. Ever since we started, back in 2000, we’ve strived to make the strongest, most effective developer tools on earth. Our products are used by more than 15 million users worldwide, and 88 Fortune Global 100 companies are our customers.

We are seeking an experienced and talented Security Engineer to join the Product Security team and help safeguard JetBrains products and services. In this role, you will work closely with product teams to establish, maintain, and continuously improve security processes as part of our SSDLC. You will conduct in-depth security reviews and tests across various development stages, design and implement security controls, set up security automation and pipelines, and contribute to building a strong, developer-friendly security culture.

This position offers the opportunity to work on both web and desktop products, tackle complex security challenges, explore innovative solutions — including AI and LLM-driven approaches — and have a direct impact on the security posture of tools used by millions of developers worldwide.

As part of our team, you will:

• Conduct security tests and reviews of all JetBrains web and desktop products, including features, designs, architecture, and code.
• Perform threat modeling and risk assessments for new features, components, and integrations.
• Establish and improve SSDLC and Application Security processes across product teams.
• Research and address new attack vectors and threats, and help design effective defenses.
• Help to develop, integrate, and maintain security pipelines and tools that embed security controls into the development workflow or automate manual, time-consuming tasks.
• Research and implement AI/LLM-based approaches for security automation.
• Investigate and triage vulnerability reports submitted by external researchers.
• Collaborate with product teams, providing security guidance, vision, and practical solutions.
• Contribute to security awareness by creating and maintaining security guidelines and best practices, delivering talks, and designing CTF challenges.

We’d love for you to join our team if you have:

• Proven experience in Application Security and/or Penetration Testing.
• Solid knowledge of Web Application Security principles, common attacks, and OWASP TOP 10.
• A degree in computer science, information technology, or equivalent experience.
• A strong command of English with excellent written communication skills.
• Strong experience in vulnerability analysis and proof-of-concept development.
• An understanding of cloud security fundamentals (AWS, GCP, and Azure).
• An understanding of the modern software development lifecycle (code reviews, CI, CI-based controls, CD, and packaging)
• Experience in secure coding and conducting effective security-focused code reviews.
• An analytical and problem-solving mindset, with the ability to work both independently and in a team.

We’d be particularly thrilled if you have:

• Experience building security pipelines and integrating them into developer workflows and CI/CD.
• Experience in security design review, security architecture, system hardening, and risk assessment.
• Experience developing internal security tools or plugins for developer teams.
• Experience applying AI/LLM in security tooling or processes.
• Programming skills in Kotlin, Java, Python, or Go.
• Knowledge of desktop application security (Windows, macOS, Unix).
• Hands-on experience with SAST, DAST, SCA, or fuzzing.
• Experience with bug bounty programs — as a researcher or a triager.
• Participation in CTFs or other practical security competitions.
• Any relevant certifications, such as OSCP, OSWE, GXPN, CISSP, etc.
• Familiarity with compliance and regulatory frameworks such as GDPR, SOC 2, ISO 27001, and emerging AI regulations.

#LI-DNI

We are an equal opportunity employer

We know great ideas can come from anyone, anywhere. That’s why we do our best to create an open and inclusive workplace – one that welcomes everyone regardless of their background, identity, religion, age, accessibility needs, or orientation.

We process the data provided in your job application in accordance with the Recruitment Privacy Policy.