🛠 Tech Stack

💼 About This Role

You'll work with product teams to build and ship securely by default. You'll own recurring AppSec activities like design reviews, threat modeling, and code review across multiple teams, balancing security with delivery speed. This hands-on role offers the chance to influence both product security posture and developer experience at scale.

🎯 What You'll Do

• Own secure design reviews, threat modeling, code review, and remediation guidance for multiple product teams.
• Assess vulnerabilities from scanners, testing, and bug reports; prioritize meaningful risk.
• Validate security fixes and recommend compensating controls when ideal remediation isn't possible.
• Improve AppSec workflows by tuning checks, refining rules, and integrating security into CI/CD pipelines.

📋 Requirements

• Strong hands-on knowledge of web and API security issues, authentication, session management, and secure coding.
• Proven experience conducting secure code reviews in Java, TypeScript, and PHP.
• Experience leading or facilitating threat modeling for product features or services.
• Experience managing AppSec tools (SAST, SCA, DAST, secrets scanning) and bug bounty platforms with CI/CD integration.

✨ Nice to Have

• Experience building AppSec automations or tuning security controls in CI/CD environments.
• Experience delivering secure coding guidance or lightweight internal security training.
• Background in privacy-sensitive systems, cloud-native services, or multi-service architectures.

🎁 Benefits & Perks

• 🏖️ 5 Weeks Paid Vacation
• 🏥 Sick Leave Compensation with up to 2 weeks fully paid
• 👶 Parental Leave: 18 weeks maternity / 4 weeks paternity fully paid
• 🍽️ Meal Vouchers (CZK 220 per working day)
• 🚆 Annual Prague Travel Card (Lítačka)

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

1. 1Intro call with Recruiter· 30 min
2. 2Technical interview· 60 min
3. 3Cultural interview· 45 min