Role Description We are seeking an experienced and motivated Staff Product Security Engineer to join our growing Security team. This individual will be responsible for the end-to-end security of our consumer products, digital platform, and an emerging hardware device line. The Staff Product Security Engineer will: - Drive security review, threat modeling programs, lead penetration testing, manage PSIRT operations, champion secure AI adoption, and establish security guardrails for AI-powered products and AI-assisted development workflows within a highly regulated financial services environment. - Report to the Senior Manager of Product Security. Your day-to-day: - Lead security architecture/design review and threat modeling sessions with product and engineering teams using STRIDE, PASTA, and attack tree methodologies. - Translate threats into actionable, risk-rated engineering remediations prioritized by severity. - Conduct hands-on penetration testing and security assessments across our full product stack producing actionable reports for engineering and leadership. - Red-Team our AI-powered products and development tools to test for prompt injection, data exfiltration, MCP server exploitation, and tool misuse. - Probe AI guardrails to ensure they hold. - Experience with product security tools such as Burp Suite, Metasploit, Kali Linux, Postman, etc. - Drive PSIRT Operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers and on-call incidents. - Manage zero-day findings, driving remediation, collaborating with engineering to patch or mitigate with compensating controls. - Shape the posture of our AI-assisted development environment defining and enforcing enterprise policies for Claude and Cursor. - Partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features. - Brief executives on emerging AI threats, mentor junior security engineers, and collaborate with the AI team on securing ML pipelines. - Champion Security Culture by running developer training on secure coding with AI assistants, evangelizing security by design for products, and ensuring every engineer understands that product security is an enabler and not a gate. Qualifications - 10+ years of product security experience spanning application security, cloud security, and secure SDLC. - Expert level Threat Modeling using STRIDE, PASTA or equivalent across web, mobile, cloud, embedded, and AI systems. - Hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware. - PSIRT operational experience from vulnerability intake and triage. - Deep hands-on AI security expertise and expert level understanding of OWASP Top 10 for LLM, API, Web, Mobile. - Strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor. - Strong programming ability and capability to review code, build security tools, automate workflows. - Deep technical knowledge of CI/CD pipeline and relevant tools for web and mobile applications. - Strong knowledge of programming languages & frameworks (i.e. Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI), cloud technologies and infrastructure (i.e. AWS, GCP, Kubernetes, Ambassador, Helm), and databases (i.e. MySQL, DynamoDB, Redis). - Ability to influence without authority, mentor without managing, and communicate complex risks in a language that resonates with engineers, product managers, legal and compliance, and executives alike. Requirements - Hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience. - Experience in the Financial industry, knowledge of PCI DSS, COPPA or demonstrated ability to learn regulated domains quickly. Benefits - Medical, dental, vision, and HSA match. - Paid life insurance, AD&D, and disability benefits. - Traditional 401k with company match. - Unlimited PTO. - Paid company holidays and pop-up bonus holidays. - Professional development stipends. - Mental health resources. - 1:1 financial planners. - Fertility healthcare. - 100% paid parental and caregiving leave, plus cleaning service and meals during your leave. - Flexible WFH, both remote and in-office opportunities. - Fully stocked kitchen, catered lunches, and occasional in-office happy hours. - Employee resource groups.

Role Description We're looking for a Cloud Network Engineer with deep expertise in Google Cloud networking and Terraform to help build and operate hybrid cloud infrastructure. This role combines cloud networking, infrastructure automation, and systems engineering, requiring someone who can proactively improve network performance while designing scalable and secure cloud architectures. Key Responsibilities - Design and manage hybrid networking environments connecting Google Cloud with on-premise infrastructure. - Build and maintain Google Cloud networking resources, including VPCs, VPNs, Interconnect, Load Balancers, and Firewall Policies. - Develop and maintain Infrastructure as Code using Terraform. - Build and refactor JSON-driven Terraform modules. - Monitor infrastructure performance and proactively resolve issues. - Perform root cause analysis for networking and infrastructure incidents. - Design secure networking solutions and improve overall system reliability. Qualifications - Strong experience with Google Cloud networking. - Good understanding of Azure Networking, particularly Virtual Networks (VNets). - Advanced Terraform experience, including reusable modules. - Experience designing, implementing, and maintaining cloud infrastructure. - Strong troubleshooting and root cause analysis skills. Nice to Have - Google Cloud Certifications. - Networking certifications. - Experience integrating Terraform with Bluecat. - Experience with Spacelift. - Experience using Google Cloud Network Connectivity Center. Requirements - Type of Employment: Contractor (6-month project) - Work Modality: 100% Remote - Work Schedule: Full-time - Location: LATAM - Project Duration: Through December 31, 2026

• Driving the Enterprise Security agenda internally and externally. • Being a leader in driving the Enterprise Security agenda internally and externally.

Role Description SmartRecruiters is looking for a Senior Information Security Engineer to join the Governance, Risk & Compliance (GRC) team. This role is critical to ensuring that SmartRecruiters' applications, systems, and processes remain compliant with industry standards and regulatory requirements, including: - ISO 27001 - ISO 22301 - ISO 42001 - SOC 2 Type II - Cyber Essentials - GDPR - EU AI Act The successful candidate will combine strong GRC expertise with a technical, engineering mindset, driving compliance programmes across multiple frameworks while also addressing complex technical topics such as: - Business continuity - AI security - Cloud compliance This is not a purely audit-focused role; we need someone who can: - Assess security architectures - Support forensic investigations - Build automation to replace manual processes - Provide hands-on guidance to engineering and security teams - Identify opportunities to engineer scalable, repeatable solutions Qualifications - 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation - Demonstrated compliance or auditing experience with at least one major framework - Solid understanding of controls auditing principles and evidence management - Knowledge of risk management methodologies and experience conducting or supporting risk assessments - Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision - The ability to investigate, question, and interpret internal and external IT security and compliance issues at both a governance and technical level - A strong understanding of technology, cloud-based products, and SaaS environments - Experience working across business units and geographical boundaries to engage engineering, business, and operational teams - Experience with ISO 27001 - Excellent written and verbal communication skills in English Requirements - Professional certifications such as CISA, CRISC, CISM, CISSP, CCSK, CCSP, or equivalent - Experience with ISO 9001, 27017, and 27018 - Experience with ISO 22301 (Business Continuity), including BIA, BCP/DRP, and recovery testing - Experience with BSI C5 (Cloud Computing Compliance Criteria Catalogue) or similar cloud-specific compliance frameworks - Knowledge of AI security principles, experience with ISO 42001, or familiarity with the EU AI Act and its technical requirements - Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures - Experience with enterprise risk management frameworks and tools - Understanding of threat modelling methodologies and secure development lifecycle (SDLC) principles - Hands-on experience with incident response, including participation in security incident investigations, containment, and post-mortem processes Benefits - Remote-friendly culture - Competitive salaries - Strong internal mobility - Meaningful growth opportunities - Environment built on respect and empowerment Company Description SmartRecruiters is the Recruiting AI Company that transforms hiring for the world’s leading enterprises. Built for global scale, SmartRecruiters, an SAP company, delivers an AI-powered hiring platform that automates and optimizes the entire talent acquisition process, ensuring faster and smarter hiring decisions. More than 4,000 companies, including Amazon, Visa, and McDonald's, rely on SmartRecruiters to build winning teams. Recognized by Fosway Industry Analysts as a strategic leader in recruitment technology for three consecutive years, and awarded by Comparably as a top company for Women, Perks and Benefits, Work-Life Balance, Happiness, Compensation, Diversity, and Culture - we take pride in creating a place where everyone can thrive.