Security Engineer (Node.js / GCP)

Security Engineer (Node.js / GCP)Location: 100% RemoteEmployment Type: B2B 100% FTE About the Project We are seeking an experienced Product Security Engineer for a dynamic technology company specializing in advanced digital systems. This is a role for a hands-on practitioner who can actively secure real-world cloud systems, write secure code, and take full ownership of the security landscape throughout the product lifecycle. Key Responsibilities • Practical Penetration Testing: Conducting tests on Node.js/TypeScript applications, APIs, and iOS/Android platforms using tools such as Burp Suite. • Vulnerability Remediation: Identifying and fixing vulnerabilities, including authorization bypass, injection, and deserialization flaws. • Secure API Standards: Defining and implementing standards for JWT/OAuth, TLS/mTLS, validation, rate limiting, and CORS. • Infrastructure Hardening: Securing and hardening Kubernetes/GCP environments, Postgres databases, and Redis/BullMQ. • Secure SDLC: Creating and improving Secure SDLC practices, including threat modeling, code reviews, and integrating SAST/DAST into CI/CD pipelines. • Monitoring & Incident Response: Implementing automated monitoring using eBPF and Falco, and supporting incident response efforts. • Compliance & Standards: Collaborating on initiatives related to GDPR, ISO 27001, and SOC 2. • Software Engineering: Writing clean, testable, and secure code that is easy to maintain across all products. Requirements • Hands-on Experience: Proven track record of securing applications and cloud environments in real-world systems. • Technical Stack: Deep expertise in securing Node.js and TypeScript backends. • Cloud & Orchestration: High level of comfort working with Google Cloud Platform (GCP) and Kubernetes. • Security Standards: Extensive knowledge of OWASP API & Mobile Top 10. • Language Skills: English proficiency at a B2/C1 level for effective communication in a professional environment. • Mindset: Ability to work independently, identify problems early, and take full ownership without being pushed. • Code Quality: A commitment to writing code that is clean, maintainable, and robust