Key skills
AndroidCloudGoogle Cloud PlatformiOSJavaScriptKubernetesNode.jsPostgresRedisSDLCTypeScriptGCPGoogle CloudIAMOAuthJWTCI/CDRemote WorkOWASPPenetration TestingCloud Security
About this role
Role Overview
- Take ownership of application and cloud security across our services, APIs, mobile apps, and Kubernetes-based GCP infrastructure
- Conduct hands-on penetration testing (Node.js/TypeScript, APIs, iOS/Android), including tools such as Burp Suite
- Identify and remediate vulnerabilities (e.g., auth bypass, injection, deserialization flaws)
- Define and implement secure API standards (JWT/OAuth, TLS/mTLS, validation, rate limiting, CORS)
- Harden infrastructure (Kubernetes/GCP, Postgres, Redis/BullMQ) and secure mobile applications
- Establish and continuously improve Secure SDLC practices (threat modeling, reviews, SAST/DAST in CI/CD)
- Implement automated monitoring (eBPF, Falco) and support incident response
- Contribute to GDPR, ISO 27001, and SOC 2 initiatives
Requirements
- Solid hands-on experience in application and/or cloud security
- Experience with Kubernetes and GCP
- Strong understanding of API security (OWASP API & Mobile Top 10)
- Experience securing Node.js/TypeScript systems
- Comfortable working independently and driving initiatives forward
- Nice to have: CISSP, CKS, CCSP, OSCP | Container scanning | GCP IAM | Automation scripting
Tech Stack
- Android
- Cloud
- Google Cloud Platform
- iOS
- JavaScript
- Kubernetes
- Node.js
- Postgres
- Redis
- SDLC
- TypeScript
Benefits
- Remote work & flexible setup
- Professional development & certification budget
- A role with real ownership and strong visibility
- High impact in a high-growth environment