Scale Final company
As an Information Security Leader, you will be responsible for ensuring the security of our in-house applications, secure software development practices, and internal information security. Your role will drive security initiatives across the organization, foster a security culture, and mitigate security threats to protect our employees and customers.
Working closely with application security engineers, development teams, and security operations specialists, you will assess and mitigate security risks, respond to security incidents, and ensure compliance with industry best practices. You will also lead efforts to integrate security into the software development lifecycle (SDLC) and enhance the company’s internal security posture.
To succeed in this role, you should be a hands-on security expert with a proactive approach to identifying and responding to security risks. You should be passionate about application security and secure software development, leveraging your technical expertise and leadership skills to drive security improvements.
Your Responsibilities
Application Security:
● Conduct security reviews of the architecture and code for new and existing in-house applications.
● Identify and mitigate vulnerabilities in mobile and web applications.
● Maintain security tools, including Web Application Firewalls (WAF), SAST, DAST, and other security solutions.
● Support future launch of the Bug Bounty program and collaborate with security researchers.
● Work closely with development teams to integrate security best practices and tools into CI/CD pipelines.
● Guide on securing applications based on a microservices architecture with an existing stack of technologies: Golang, PHP, JavaScript, PostgreSQL, Redis, ClickHouse.
Secure Software Development:
● Define and enforce secure coding practices and security controls throughout the Software Development Lifecycle (SDLC).
● Conduct developer training and awareness programs to promote security-conscious development.
● Support the defect management process by assisting development teams in identifying and mitigating vulnerabilities.
Internal Information Security:
● Analyze the company’s infrastructure to identify and mitigate security risks.
● Support threat detection and incident response activities,
● Support future launch of Security Operations Center (SOC) teams.
● Investigate security incidents and ensure timely remediation of threats.
● Define and implement security policies, processes, and controls to strengthen the company’s security posture.
● Monitor and evaluate emerging threats, leveraging Threat Intelligence to improve detection capabilities.
● Ensure compliance with relevant regulatory frameworks and industry security standards.
What Makes You a Great Fit
Must-Have Qualifications:
● 5+ years of experience in Information Security, with expertise in application security, secure software development, and internal security.
● Strong background in software development or penetration testing.
● Experience in security reviews, vulnerability management, and risk assessment for applications.
● Proficiency in at least one programming language (Go, PHP, JavaScript, etc.).
● Deep understanding of common vulnerabilities (OWASP Top 10, CWE, etc.) and mitigation strategies.
● Familiarity with CI/CD security integration and security automation.
● Hands-on experience with security tools such as WAFs, SAST, DAST, SIEM, EDR, and cloud security solutions.
● Strong understanding of cloud security (especially GCP) and modern infrastructure security.
● Incident response and forensics experience, including malware analysis and threat hunting.
● Ability to think like an adversary to predict attack vectors and enhance security defenses.
● Strong business communication skills to educate and influence stakeholders on security initiatives.
● English: Intermediate level or higher.
Nice-to-Have Qualifications:
● Understanding of microservices security, Kubernetes, Docker, and container security.
● Familiarity with regulatory frameworks (e.g., ISO 27001, GDPR, PCI DSS) and compliance requirements.
● Security certifications (e.g., OSCP, OSEP, eCPTX, GCFA, CISSP, CISM, AWS/Azure Security).
● Experience with Bug Bounty programs or CTF competitions.
What We Offer
● Competitive and Attractive Pay
● Flexible hours for a better work-life balance
● 21 vacation + 7 no-questions-asked sick days per year
● Career growth: Continuous Development & Performance Reviews
● Team-buildings & Office Happy Hours
● Relocation support included
Join Our Team of Visionary Innovators!
Are you a mindful go-getter with an entrepreneurial spark? We're looking for dynamic individuals ready to grow and thrive with us. At our core, we believe in people first—your passions, ambitions, and evolution matter.
Growth isn’t just a goal; it’s the #1 priority here. Work is personal. Personal drives growth. Growth fuels prosperity.
If this resonates with you, send us your CV, and let’s kickstart something extraordinary! Don’t tick every box? No problem! If you share our love for technology, we’d still love to chat and explore the possibilities together.
