Product Security Engineer

Come on board with Neo Group! Here's your chance to stir things up in the scene with us. We're not just expanding; we're revolutionizing the entire game, mastering profitability with every new venture. But you know what truly fuels our drive? It's people like you.

Neo Group is on the lookout for a Product Security Engineer to join our Engineering Team.

Responsibilities:

• Provide expert security guidance throughout all phases of the Software Development Life Cycle (SDLC) to product development teams and business leaders.
• Lead secure SDLC initiatives, including reviewing system architectures, supporting automated security tools, and conducting threat modeling and penetration testing.
• Manage the Vulnerability Management process: identify, triage, and oversee the resolution of security vulnerabilities.
• Design, build, automate, and maintain a suite of internal security tools to support ongoing security operations.
• Perform technical security reviews and analyses of proposed technical solutions to determine security impact and recommend security controls.
• Conduct independent internal reviews of security controls and information systems to ensure compliance with established policies and best practices.
• Provide clear and detailed overviews of the audit process, executing cybersecurity audits across various company departments.
• Write comprehensive reports for stakeholders, explaining security processes and recommendations in accessible language.
• Develop and monitor key security metrics to assess the effectiveness of security measures implemented.

Requirements

• Proven experience in conducting penetration testing and scoping security tests for various services.
• Hands-on experience facilitating threat modeling sessions with engineering and product teams.
• Knowledge of selecting, implementing, and maintaining advanced security products and services.
• Proficiency in automation scripting with popular languages such as Python, PowerShell, Ruby, or similar.
• Solid understanding of cryptography, authentication, and authorization protocols.
• Experience in managing security incidents, including developing incident response strategies, conducting post-mortem analysis, and implementing preventative measures.
• Strong collaboration and communication skills, capable of explaining complex security issues to non-technical stakeholders.
• Commitment to continuous professional development in the cybersecurity field.
• Proficiency in English and Russian, written and verbal.

Desirable Skills:

• Problem-solving aptitude and ability to adapt to rapidly changing technology landscapes.
• Team-oriented mindset with strong interpersonal skills to foster collaboration across various departments.
• Familiarity with key security standards and regulatory requirements (e.g., ISO 27001, NIST frameworks, GDPR, HIPAA) relevant to the industry.

Benefits

• Kick off your birthday month with a bang! Not only do you get heartfelt birthday wishes from your team, but you also enjoy a fully-paid day off. Celebrate your way!
• Prioritize your health with up to 80€ gross per month for wellness activities. Stay fit, unwind, or both – on us!
• Enjoy two paid meals per week, facilitated by our very cool office manager.
• Invest in your growth with 500€ annually for learning, and sharpen your English skills with free online courses. We're invested in your future!
• When you need time off for health reasons, enjoy 2 fully-paid health days, plus additional days off in compliance with Latvian laws.
• Delight in extras like prescribed vacation, comprehensive post-probation health insurance, annual optical wear reimbursement, free parking, and fun office features like PS5 and massage chairs. Don’t forget our lively team-building events – because work should be fun!