Security Engineer in Product Security

Security Engineer (Product Security)

Join JetBrains’ Product Security team to help safeguard JetBrains products and services across the software development life cycle (SSDLC).

What you’ll do

• Conduct security tests and reviews across JetBrains web and desktop products (features, designs, architecture, and code).
• Perform threat modeling and risk assessments for new features, components, and integrations.
• Establish and improve SSDLC and application security processes across product teams.
• Research emerging threats/attack vectors and design effective defenses.
• Build and maintain security pipelines and tools that automate and embed security controls into developers’ workflows.
• Explore AI/LLM-based security automation approaches.
• Investigate and triage vulnerability reports from external researchers.
• Partner with product teams to provide security guidance and practical solutions.
• Support security awareness by creating guidelines/best practices, giving talks, and designing CTF challenges.

Requirements

• Proven experience in Application Security and/or Penetration Testing.
• Strong Web Application Security knowledge, including common attacks and OWASP Top 10.
• Degree in CS/IT or equivalent experience.
• Strong English communication skills.
• Experience in vulnerability analysis and proof-of-concept development.
• Understanding of cloud security fundamentals (AWS, GCP, Azure).
• Understanding of the modern SDLC (code reviews, CI, CI-based controls, CD, packaging).
• Experience in secure coding and effective security-focused code reviews.
• Analytical/problem-solving mindset and ability to work independently and in a team.

Nice to have

• Experience building security pipelines integrated into CI/CD and developer workflows.
• Security design review, security architecture, system hardening, and risk assessment experience.
• Experience building internal security tools/plugins for developer teams.
• Experience applying AI/LLM in security tooling/processes.
• Programming skills in Kotlin, Java, Python, or Go.
• Hands-on experience with SAST, DAST, SCA, and fuzzing.
• Experience with bug bounty programs (researcher/triager).
• Participation in CTFs or similar security competitions.
• Relevant certifications (e.g., OSCP, OSWE, GXPN, CISSP).
• Familiarity with GDPR, SOC 2, ISO 27001, and emerging AI regulations.

Location / Work model

• Anywhere in the world (remote).