Security Engineer - Application

<p dir="ltr"><strong>Join our global force of 500+ innovators, blending the latest in tech with the greatest in soundtracking, from our Stockholm HQ to offices in London, New York, Los Angeles, Berlin, Oslo, and Seoul. We’re an industry leader with a startup mentality. We take what we do seriously, but we don’t take ourselves too seriously. Creating and collaborating to transform the sound of streaming, content, and culture. Come join us—and let the world feel your work.</strong><br><br>We are looking for a <strong>Security Engineer</strong>, specializing in <strong>Application or Product Security,</strong> you will form a key part of the Security Division here at Epidemic Sound. You, along with your team, will help ensure our customers and services are protected from a wide range of online threats. Although we are a global company, this position will be based in our Stockholm office.<br><br><strong>Job Summary</strong><br>Help to design and increase the maturity of our Secure Software Development Lifecycle (SSDLC) to remain resilient to ever changing attack vectors. Balance working closely with a small team of security experts with embedding regularly with product development teams to understand our product needs, build relationships, and translate security knowledge and best practices to best suit the needs of our product teams through in person interactions as well as code libraries and written documentation.<br><br><strong>Responsibilities</strong></p><ul><li dir="ltr"><p dir="ltr">Working closely with software engineering teams and individuals to identify, track and fix vulnerabilities/risks in our applications and products.</p></li><li dir="ltr"><p dir="ltr">Expanding, architecting, implementing and evangelizing our SSDLC.</p></li><li dir="ltr"><p dir="ltr">Sharing your knowledge through solid documentation, secure coding libraries, secure code reviews, delivering internal tech talks and security awareness training to technical staff. </p></li><li dir="ltr"><p dir="ltr">Embedding within development teams to build secure awareness and accurately gauge risk profiles throughout our product environment. </p></li><li dir="ltr"><p dir="ltr">Promoting secure ways of working across all areas of the organization.</p></li><li dir="ltr"><p dir="ltr">Helping to identify and evaluate new security tools and services, and integrate existing tools and services into central dashboarding tools.</p></li><li dir="ltr"><p dir="ltr">Assisting with security incidents (including on-call), breaches and training exercises around them, including creating security patches.</p></li><li dir="ltr"><p dir="ltr">Working on a wide range of projects and new initiatives in the team.</p></li><li dir="ltr"><p dir="ltr">Responding to product security-related requests from across the organization.</p></li><li dir="ltr"><p dir="ltr">Mentoring junior security engineers.</p></li><li dir="ltr"><p dir="ltr">Writing solid documentation that can be used by a wide range of different viewers.</p></li></ul><p dir="ltr"><br><strong>Requirements</strong></p><ul><li dir="ltr"><p dir="ltr">Experience securing products and applications, familiarity with BurpSuite Enterprise, Snyk and Burpsuite Professional especially appreciated.</p></li><li dir="ltr"><p dir="ltr">Security features of the big public cloud providers (preferably GCP)</p></li></ul><ul><li dir="ltr"><p dir="ltr">At least one programming or scripting language (<strong>Python, Go</strong>, <strong>Kotlin, Node.js, and Bash </strong>experience preferred)</p></li></ul><ul><li dir="ltr"><p dir="ltr">Kubernetes, Docker or any other containerization architecture</p></li></ul><ul><li dir="ltr"><p dir="ltr">Experience with Git, Github Actions and Terraform</p></li></ul><ul><li dir="ltr"><p dir="ltr">Identifying vulnerabilities in software, systems and processes</p></li><li dir="ltr"><p dir="ltr">Static code analysis</p></li><li dir="ltr"><p dir="ltr">Writing test cases for existing code</p></li><li dir="ltr"><p dir="ltr">Penetration Testing</p></li></ul><p dir="ltr">And a good understanding or working knowledge of common security frameworks (ISO 27001, SOC2, PCI-DSS, NIST, etc), compliance and regulatory requirements.<br><br><strong>Equal opportunity employer</strong><br>We believe that bringing people together from different backgrounds, experiences and perspectives makes for a healthy workplace, a more successful business and a better world. We value diversity and encourage everyone to come and soundtrack the world with us.<br><br><strong>Application</strong><br>Ready to make the world <em>feel </em>your work? Please apply, in English, by clicking the link “interested” below. <br></p> •

Last updated on Jan 10, 2025