Submitting more applications increases your chances of landing a job.
Here’s how busy the average job seeker was last month:
Opportunities viewed
Applications submitted
Keep exploring and applying to maximize your chances!
Looking for employers with a proven track record of hiring women?
Click here to explore opportunities now!You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for
Would You Be Likely to Participate?
If selected, we will contact you via email with further instructions and details about your participation.
You will receive a $7 payout for answering the survey.
Xsolla seeks a security engineer to join a new security team during a critical build-out phase. You work across application security and infrastructure security - reviewing code, hardening cloud environments, supporting incident response, and partnering with engineering teams to improve security posture across the company.
This is a generalist role well-suited to an early-team hire. You are comfortable working across domains rather than specializing in one, and you grow into deeper expertise as the team and program mature. You collaborate closely with the security program manager and work directly with engineering teams on secure design, findings, and remediation.
Our tech stack includes GCP, vSphere/ESX, Kubernetes and container workloads, MariaDB, CockroachDB, Go, PHP, and Python. You do not need expertise in all of these, but you are comfortable navigating a mixed environment and learning what you need.
As always true in job descriptions, there is an intangible value that is hard to capture. We look for a diverse set of perspectives and skills. Even if you don't match every requirement, we encourage you to apply if you think you can be highly successful in this role.
Responsibilities
Perform Application Security Reviews - Conduct code reviews, run SAST/DAST and dependency scanning tools, and work with engineering to resolve findings.
Participate in Threat Modeling - Contribute to threat modeling sessions for new features and architecture changes, helping identify risks early in the design process.
Help Harden Cloud and Container Infrastructure - Work on GCP, Kubernetes, and IAM configurations to strengthen the security of our cloud and container environments.
Participate in Pen Test Remediation - Help triage penetration test findings and work with engineering teams to implement fixes, coordinating closely with the security program manager.
Partner with Engineering on Secure Design - Review architectures, advise on secure implementation patterns, and help teams make informed security decisions.
Identify and Track Security Findings - Document findings, assess severity, and track them through the remediation lifecycle to resolution.
Support Incident Response - Help investigate and document security events, contribute to root-cause analysis, and support containment efforts.
Write Async Security Guidance - Produce advisories, best-practice documentation, and practical guidance that helps engineering teams build securely across time zones.
Support Product Security - Work with partners on the security posture of customer-facing services, contributing to reviews and assessments as needed.
What You Bring
Cloud Environment Exposure - Has worked with GCP or a similar cloud provider and is comfortable with IAM, networking, and container concepts.
Code Literacy - Reads and reviews code in one or more of: Go, Python, PHP. Does not need to be a software engineer, but can follow logic and spot issues.
Security Tooling Familiarity - Has used or is familiar with SAST, DAST, or dependency scanning tools and understands how they fit into a development workflow.
Strong Written Communication - Writes clear, concise async documentation - findings, advisories, guidance - that works across time zones and audiences.
Collaborative Mindset - Partners effectively with engineering teams. Focuses on helping teams build securely rather than just identifying problems.
Self-Directed with Growth Mindset - Eager to learn, comfortable with ambiguity, and able to make progress with minimal direction in a new and evolving team.
Nice to Have
Threat modeling experience;
Hands-on Kubernetes or container security experience;
Infrastructure security background - Linux, networking, vSphere/ESX;
Familiarity with NIST CSF, PCI, SOC 2, or ISO 27001 from a technical perspective;
Detection engineering or incident response experience;
Experience building security automation or internal tooling;
Relevant certifications (OSCP, GWAPT, CKS, or similar hands-on certs).
You'll no longer be considered for this role and your application will be removed from the employer's inbox.