Cybersecurity Engineer, Product Security
Tartu, Estonia
Bolt
Order a ride, get food delivered, rent a car or an e-scooter, and book business rides. Available in over 600 cities and 50 countries.
We are looking for a Cybersecurity Engineer to join our Product Security team and support our product growth by addressing gaps in product vulnerability management.
About us
With over 200 million customers in 50+ countries, Bolt is one of the fastest-growing tech companies in Europe and Africa. And it's all thanks to our people.
We believe in creating an inclusive environment where everyone is welcome, regardless of race, colour, religion, gender identity, sexual orientation, age, or disability.
Our ultimate goal is to make cities for people, not cars, and we need your help to achieve this mission!
About the role
As a Product Security Engineer, you will be responsible for ensuring we are following vulnerability management best practices and acting as a key point of contact for vulnerability identification and remediation efforts between penetration testers, bug bounty submissions, and engineering teams.
You will be closely collaborating with key internal stakeholders to determine how to mitigate security vulnerabilities, providing guidance and raising awareness across different functions.
Main tasks and responsibilities:
- Conducting security risk assessments early in the SDLC, ensuring security is embedded from the design stage by reviewing design documents and engaging with product managers
- Managing and refining our vulnerability management processes to ensure faster and more efficient feedback loops between penetration testers, bug bounty submissions, and engineering teams, and reducing the resolution time of critical and high-severity vulnerabilities
- Refining and enhancing our external vulnerability management program (i.e., bug bounty program), validating submissions, and working with program managers to maximize its impact
- Providing technical guidance to engineers and raising awareness about common secure coding practices to reduce recurring vulnerabilities
- Participating in the information security incident handling process
- Supporting the information security compliance processes by ensuring vulnerability management practices align with compliance requirements (e.g., PCI DSS, ISO 27001)
About you:
- You have experience with threat modeling, security design reviews, security architecture, pentesting, and vulnerability management
- You have the ability to provide clear, practical guidance to engineering teams for remediation
- You are knowledgeable about common vulnerabilities (such as those outlined in the OWASP Top 10)
- You have a good understanding of the implementation of SDLC within Agile-like environments
- You preferably have a background working at product companies with an emphasis on product security
Experience is great, but we also look for drive, intelligence, and integrity. So, even if you don’t tick every box, please consider applying if you feel you’re the kind of person described above!
Why you’ll love it here:
- Play a direct role in shaping the future of mobility.
- Impact millions of customers and partners in 600+ cities across 50+ countries.
- Work in fast-moving autonomous teams with some of the smartest people in the world.
- Accelerate your professional growth with unique career opportunities.
- Get a rewarding salary and stock option package that lets you focus on doing your best work.
- Enjoy the flexibility of working in a hybrid mode with a minimum of 2 days in the office each week to foster strong connections and teamwork.
- Take care of your physical and mental health with our wellness perks.
*Some perks may differ depending on your location and role.
Tags: Agile Compliance ISO 27001 OWASP PCI DSS Pentesting Product security Risk assessment SDLC Vulnerabilities Vulnerability management