Preply

Senior Security Engineer – Application

Preply

full-time

Posted on:

Location Type: Hybrid

Location: LondonUnited Kingdom

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

DjangoPythonSDLC

About the role

  • Own application and product security, partnering closely with engineering teams to improve security outcomes across the full SDLC
  • Act as a strong technical voice in how we design, build, ship, and operate secure systems, driving initiatives end-to-end through influence, collaboration, and hands-on execution
  • Work hands-on with our core backend stack (Python, Django), reading and writing code, contributing improvements, and building automation to scale security with product engineering teams to embed security into planning, design, and delivery, without slowing teams down
  • Participate in architecture discussions and design reviews to identify risk early and propose pragmatic mitigations
  • Lead and facilitate threat modeling for new features and significant changes, and translate results into prioritized engineering work
  • Improve the secure SDLC end-to-end: requirements, secure design, implementation guidance, testing, release, and operational readiness
  • Build “paved paths” and guardrails that make secure choices the default (libraries, patterns, templates, CI checks)
  • Mature code and application security tooling, including selection, rollout, and adoption: SAST, SCA (We now use Snyk), secret scanning, and relevant DAST/API testing where it adds signal
  • Integrate findings into developer workflows with clear ownership, SLAs, and low-friction remediation
  • Proactively discover security issues through code review support, automation, security testing, and targeted assessments
  • Improve vulnerability management for application and product security findings: triage, prioritization, remediation, verification, and trend reporting
  • Create and deliver training and enablement for engineers (secure coding, common pitfalls, new patterns), and help grow security champions across teams
  • Partner with GRC to ensure security requirements and controls are feasible, well understood, and evidenced through real engineering practice
  • Lead engineering wide initiatives, managing stakeholders and aligning with business to deliver high impact results

Requirements

  • Strong experience in application and product security in modern web environments, with a track record of improving security outcomes across the SDLC
  • Strong coding ability and comfort working in a Python/Django codebase (reading, writing, reviewing, and proposing improvements)
  • Demonstrated experience influencing engineering teams through design reviews, threat modeling, and practical guidance
  • Strong understanding of common web and API security risks (OWASP Top 10, auth and session risks, SSRF, injection, access control issues, secrets exposure, unsafe deserialization, etc.) and how they show up in real systems
  • Experience selecting, introducing, and scaling security tooling in CI/CD (SAST, SCA, secret scanning, and related controls), including tuning to reduce noise and improve developer adoption
  • Ability to turn findings into action: clear severity, ownership, prioritization, and verification, with an emphasis on automation and repeatability
  • Strong communication skills and the ability to collaborate across Product Engineering, Platform Engineering, SRE, Data teams, and GRC
  • Business-oriented mindset and comfort making cost-benefit tradeoffs
  • Willingness to participate in on-call rotations and partner effectively with SRE during incidents
Benefits
  • A generous monthly allowance for lessons on Preply.com
  • Learning & Development budget and time off for your self-development
  • A competitive financial package with equity and leave allowance
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
application securityproduct securityPythonDjangoSASTSCAsecret scanningDASTthreat modelingsecure SDLC
Soft Skills
influencecollaborationcommunicationleadershipproblem-solvingtrainingstakeholder managementbusiness-oriented mindsetprioritizationautomation