At Teamtailor, security is a core part of how we build and operate our product. We’re looking for a mid-level Security Engineer who wants to work hands-on with application security, vulnerability management, and incident response, while partnering closely with developers to reduce real risk.
This is a technical individual contributor role reporting to the CISO. You’ll operate across product and processes, spending time on improving how security is done day to day, while always leaving room for urgent, reactive work when needed. The role also includes some compliance-focused tasks, primarily from a technical perspective.
What you’ll do
Operate the vulnerability lifecycle end to end, from intake and validation to verification and closure
Triage and validate findings from bug bounties, scans, penetration tests, customers, and internal sources, ensuring developers get high-quality, actionable issues
Partner closely with developers on remediation, threat modeling, and security reviews
Act as a technical security lead during incidents and help develop incident response playbooks
Support security architecture reviews, external integrations, and security awareness across the organization
Support incoming security requests from product specialists and handle technical security inquiries
Contribute technical input to compliance efforts such as audits and certifications
What success looks like after 6–12 months
The vulnerability intake and triage process is predictable, trusted by developers, and low-noise
Security findings are validated, well-prioritized, and moved to closure efficiently
Customers and other external stakeholders receive clear, timely updates and feedback on security findings
Incident response is calmer, faster, and supported by clear playbooks
What you bring
Hands-on experience with application security and vulnerability management
Strong ability to triage, validate, and prioritize security findings from multiple sources
Comfort reading and understanding source code to assess security issues
Experience collaborating closely with developers and providing practical security guidance
Exposure to incident response or operational security work
Ability to balance proactive improvements with reactive, time-sensitive security tasks
A desire to keep security work clean, structured, and well-organized
Clear communication skills and a pragmatic, risk-based mindset
You are not required to write production code, but being able to read and write code is a strong plus