Product Security Expert
This is a remote position. We are looking for a Product Security Engineer to join our team and support vulnerability triage, risk-based testing, and test automation initiatives across modern cloud-based platforms. In this role, you will focus on identifying, classifying, and validating security findings while contributing to a robust testing strategy and automation framework. You will work closely with internal teams using asynchronous communication and apply both analytical and exploratory approaches to ensure high-quality software delivery. The role combines application security, vulnerability assessment, and quality assurance, with a strong focus on structured analysis, automation, and cloud environments. Responsibilities: Review and triage security findings from ASPM tools Classify findings as true positive, false positive, or requires additional context Document classification rationale using standardized templates Maintain and organize findings backlog per product Flag ambiguous or unclear findings for further review Work across multiple vulnerability categories: SAST (code-level vulnerabilities) SCA (dependency and transitive risks) Secret detection (credentials exposure) CSPM (Azure cloud misconfigurations) Develop and refine a risk-based testing strategy Apply exploratory testing techniques for complex and high-risk scenarios Validate end-to-end business flows from a user perspective Build and maintain automated test suites using: Playwright (TypeScript) for new tests Selenium (C#) for existing legacy tests Support migration from Selenium to Playwright over time Collaborate with the team to ensure scalable and maintainable test architecture Leverage AI tools to accelerate: Test design Test data generation Automated test development Continuously improve QA processes based on: Production incidents User feedback System logs and analytics Requirements: BSc or MSc in Computer Science, Engineering, or a related field Experience with vulnerability assessment and security concepts (OWASP Top 10 level) Familiarity with Azure cloud services Ability to read and understand code (e.g., .NET/C#, JavaScript/TypeScript, Python) Understanding of dependency scanning and transitive dependencies Experience with test automation frameworks (Playwright and/or Selenium) Strong attention to detail and structured work approach Ability to work independently with asynchronous communication Fluency in written English Hands-on experience with: ASPM / SAST / SCA tools Test automation frameworks (Playwright, Selenium) Exploratory and risk-based testing strategies Nice-to-have: Experience with tools such as: Snyk Checkmarx Semgrep SonarQube Aikido Wiz OX or similar Experience using AI tools for triaging and test automation Strong communication skills Analytical mindset with a focus on accuracy over speed Ability to balance security, quality, and business priorities Collaborative and proactive attitude If this sounds like you, share your CV with us and let’s talk.