Senior Security Engineer (Infrastructure & Product Security)
We are looking for a Senior Security Engineer who will help strengthen the security of our infrastructure, internal services, and product environment.
This is a key engineering role with a broad technical scope: from cloud and platform security to API and product-level protection.
What you will be doing:
Infrastructure & Cloud Security
- Development and enhancement of security controls for cloud and infrastructure
- Management of network security: WAF, DDoS protection, firewall, mTLS
- Reduction of the attack surface at the infrastructure and service levels
Product & API Security
- Analysis and enhancement of API security and service interactions
- Conducting black-box testing and identifying vulnerabilities at the product level
- Participation in securing backend architecture and service communication
- Working with vulnerabilities and prioritizing them from a business risk perspective
Offensive Security & Testing
- Conducting and coordinating vulnerability assessments and pentests
- Working with bug bounty programs and responsible disclosure
- Identifying weak points through offensive security practices
- Testing system resilience against various types of attacks
What we want to see:
- Experience in roles such as Security Engineer / Infrastructure Security / Platform Security
- Strong hands-on experience in cloud / infrastructure security
- Practical experience with Kubernetes security
- Deep understanding of network security (WAF, DDoS, firewall, mTLS)
- Experience with Linux hardening and understanding of attack surface
- Experience with GCP and/or AWS IAM (least privilege, service accounts, audit logs)
- Automation skills (Python / Bash / Go or any other language)
- Experience with Terraform (infrastructure / security as code)
- Experience conducting vulnerability assessments / pentests
- Ability to view systems from an attacker’s perspective and translate this into engineering solutions
- Independence and maturity in making technical decisions
Additionally, it would be great to have:
- Experience in product / application security
- Experience with bug bounty programs
- Experience conducting black-box testing
- Experience in high-load product companies
- Understanding of abuse / anti-cheat / product security aspects in game development
- Experience working with corporate systems and access management (Google Workspace, etc.)
Why This Role Is Interesting
- Broad technical scope: infrastructure, product, internal services
- Opportunity to influence architectural decisions and engineering approaches
- Work at the intersection of offensive and defensive security
- Real impact on product resilience and security
- Strong engineering culture and close collaboration with development teams
Growth and development
Our project is actively growing, as well as the team that creates it. We invest in the growth of each specialist and regularly review salaries based on performance. Moreover, we have a promotion system that allows specialists to showcase their talents in more responsible positions.
Comfortable conditions
Hybrid work format in Almaty or Belgrade with flexible working hours and the option to take days off without unnecessary bureaucracy.
Care for employees
We offer sick days without salary loss, assistance in difficult life situations, no bureaucratic nightmares and processes for the sake of processes.
