Senior Application Security Engineer

Amsterdam

Applications have closed

WeTransfer

WeTransfer is the simplest way to send your files around the world. Share large files and photos. Transfer up to 2GB free. File sharing made easy!

Every day, millions of people rely on WeTransfer to share their creative ideas.
Having made its name in the game of quick and simple file-sharing, WeTransfer has grown into an end-to-end suite of digital solutions with more than 87 million monthly active users in 190 countries. Beyond the WeTransfer.com platform, we have the storytelling platform WePresent, quick slide-making tool Paste, immersive sketching app Paper, and inspiration-capturing tool Collect. We design and deliver delightful experiences that continue to feel obvious and intuitive to millions of people—from our moms to your favorite artists. As a certified B-Corp, WeTransfer aims to be a sustainable and responsible tech company, balancing people, planet, and profit.
So, the work we do matters. Come and be a part of it.
⚠️ Position open in UK/NL/FR (plus remote options in Europe) ⚠️
About you and us
At WeTransfer it’s all about sustainability (we are a B-Corp after all)—and we want the same for our security culture. We want it to be persistent, positive, and most of all sustainable. We believe in a security culture that is less about jumping down people's throats than it is about teaching them how to improve. And this is where you come in. By joining us, you’ll perform a key role in our security efforts both on a practical level (code review, pen test, incident analysis) and on an awareness level (training, mentoring, and more).
You’ll partner with the global WeTransfer teams and continuously improve our products’ security at all phases of the software development lifecycle. Get your hands dirty with finding and fixing security issues and keep educating your colleagues about how to keep things safe. The security community external to the company will be your info-point for current and future threats. If an accident occurs, you are at the forefront of taking action—working with everyone involved to solve the issue and correctly communicate about it. The security roadmap will be something you actively participate in as well, bringing up new ideas and leading the implementation of the plans.

What you’ll be working on, in more detail

  • Collaborating with product designers and developers to ensure our applications are beautifully secure
  • Working with infrastructure and product teams to make sure that our environment is properly protected
  • Deploying and maintaining security tools to secure our SDLC, and implementing custom security tools that will help us tackle possible threats
  • Manual testing and code reviewing for our products to reveal and mitigate possible security flaws
  • Continuously improving WeTransfer's DevSecOps environment
  • Doing the triage and communication around our responsible disclosure program
  • Supporting and expanding our security culture through trainings, while answering questions from colleagues around security issues
  • Working with Information Security and IT Services to ensure awareness and compliance throughout the business

What we are looking for

  • Ability to perform manual security testing (web and mobile) and come up with mitigation suggestions
  • Comfortable with designing, leading and implementing security initiatives
  • Good knowledge of common and not so common vulnerabilities (OWASP Top 10, etc.)
  • Experience with SAST, SCA and IaC tools
  • Willingness to design and deliver secure code training or security awareness workshops
  • Solid experience with security analysis tools - anything from Burp Suite and Tenable to Datadog application security to the various security tools AWS provides
  • Familiarity with AWS cloud services, k8s, Docker, CI/CD
  • Some familiarity with Ruby/Rails, JS
  • Strong verbal and written communication skills in English

You can collect bonus points with these

  • Extensive penetration testing experience followed by certifications such as OSCP, OSCE, OSWE
  • Security Incident Response experience
  • Proven experience in a similar role in a product organization
  • Developed custom security tools
  • Worked with languages other than Ruby (e.g., Python, Go, TypeScript)
  • Contribution to Open Source projects (we’d love to see them!)


WeTransfer is an equal opportunity employer and we pride ourselves on the diversity of our people. We welcome you, and everything that makes you—well, you. That includes your gender identity, sexual orientation, religion, ethnicity, age, or disability status.
A note on remote
Our work environment is hybrid-remote, meaning that we support our employees to work remotely and in the office. We encourage employees to decide for themselves and with their team whether or when to go to the office. However, we recommend that you don't come to the office more than 2-3 per week - since that wouldn't be hybrid anymore.
While it is not necessarily a determining or disqualifying factor for any role, you may be required to complete a standard employment background screening.

Tags: Application security AWS Burp Suite CI/CD Cloud Compliance DevSecOps Docker Incident response Open Source OSCE OSCP OSWE OWASP Pentesting Python Ruby SAST SDLC Security analysis TypeScript Vulnerabilities

Perks/benefits: Equity

Region: Europe
Country: Netherlands