As our Product Security Engineer, you’ll be responsible for helping us to better secure our product by further embedding security into our SDLC. You’ll work closely with the product teams and empower them through your security expertise and guidance, covering everything from the design phase, threat modelling, security code reviews, integrated security testing and analysis.
What you will do
- Attempt to break our product to uncover security vulnerabilities.
- Carry out, directly or in coordination with product teams, manual, static and dynamic security testing, also, threat modelling, design review and general security consultation.
- Gain a deep knowledge of our tech stack and provide insight on threats.
- Perform security code reviews and provide fix guidelines for remediation strategies.
- Integrate mentoring & guidance for other team members.
- Tracking and following security issues until it is fixed.
- Support the team with incident management and remediation procedures.
What you will bring
- A very good understanding of vulnerability frameworks such as Mitre Top 25, CVSS & OWASP.
- Good knowledge and experience in using commercial & open-source security tooling.
- Experience and familiarity with modern development environments and practices e.g. code management and CI/CD systems, Docker and Kubernetes, and microservice architecture….and of course DevOps.
- It’d be great if you’ve participated security tooling into the CI/CD and automated wherever possible.
- Work closely with developers to triage, investigate, document and remediate security vulnerabilities.
- Participated in bug bounties or CTFs in the past.
- Experience or working knowledge of a variety of SAST, DAST and SCA security tools
- Proficiency in any scripting language – we use Python.
- Ability to communicate in writing complex and technical issues to diverse audiences, in an easily understood, and actionable manner.
- Hands on experience with software development (e.g. in the Node.js and JVM ecosystem) would be fantastic, but don’t let this put you off applying.
Benefit & Perks
- Generous vacation days
- Time off every year for professional learning & growth
- Learning expenses
- Personal budget home office equipment
- Flexible working hours
BRYTER is the no-code service automation platform that enables business experts to build digital applications. The truly no-code platform gives enterprise teams the tools to build self-service applications to provide faster, more accurate services to their colleagues, without programming.
BRYTER is especially geared to professionals in law, compliance, accounting and finance, who use the software to automate complex, recurring decisions and scenarios.
Global brands from McDonald's and ING, through to professional service firms like Deloitte, PwC, and KPMG, use BRYTER to deliver services digitally. BRYTER is a remote-first company with hubs in New York, London, Frankfurt, and Berlin.
TechCrunch about BRYTER
EU-Startups listed BRYTER as one of ten exceptionally promising German startups to watch in 2021
What's important to us
Watch a webinar of our Chief Product Officer, where he shares some of the practices and rituals that make our remote-first working culture special.
We hired you because we trust you. We as founders and we as co-workers.
We trust each other to openly communicate our thoughts, make fast decisions and contribute to an environment that encourages others to do so. Our default-to-yes principle empowers everyone to be a leader and to take ownership.
We trust you because you are awesome, and we want to work with awesome people but also because we believe you have the knowledge and expertise to do great things at BRYTER.
We want you to take ownership and agency quite simply. If you sense something which can be improved, we expect you to follow this feeling and just do it. We empower everyone to make decisions.
We support you in your individual journey to grow. Not only by providing challenging work, people around you who you can learn from, but also through a personal conference and training budget.
We strive for collaboration and co-creation. We embrace that when you want to get something done you just reach out to your co-workers and ask for help, advice, feedback, and support.
We believe in the positive impact of cross-functional collaboration where everybody works together in a structured way (that prevents chaos). We call these cross-functional groups our Units.
We leverage this by working together in a Network Organization that is connecting competence (not a hierarchy of authority) and where information flows fluidly throughout the organization.
We are team players and we believe in the power of cross-functional units. We make ownership and processes explicit in order to improve continuously. We have practices and rituals in place that help us reflect and improve continuously.