We are seeking an experienced and talented Security Engineer to join the Product Security Team and help safeguard JetBrains’ products and services. In this role, you will work closely with product teams to establish, maintain, and continuously improve security processes as part of our SSDLC. You will conduct in-depth security reviews and tests across various development stages, design and implement security controls, set up security automation and pipelines, and contribute to building a strong, developer-friendly security culture. This position offers the opportunity to work on both web and desktop products, tackle complex security challenges, explore innovative solutions — including AI and LLM-driven approaches — and have a direct impact on the security posture of tools used by millions of developers worldwide.

As part of our team, you will:

• Conduct security tests and reviews of web and desktop JetBrains products, including features, designs, architecture, and code.
• Perform threat modeling and risk assessments for new features, components, and integrations.
• Establish and improve SSDLC and Application Security processes across product teams.
• Research and address new attack vectors and threats, and help design effective defenses.
• Help to develop, integrate, and maintain security pipelines and tools that embed security controls into the development workflow or automate manual, time-consuming tasks.
• Research and implement AI/LLM-based approaches for security automation.
• Investigate and triage vulnerability reports submitted by external researchers.
• Collaborate with product teams, providing security guidance, vision, and practical solutions.
• Contribute to security awareness — create and maintain security guidelines, best practices, give talks, and create CTF challenges.

We’d love for you to join our team if you have:

• Proven experience in Application Security and/or Penetration Testing.
• Solid knowledge of Web Application Security principles, common attacks, and OWASP TOP 10.
• A degree in computer science, information technology, or equivalent experience.
• Fluent in English with strong written communication skills.
• Strong experience in vulnerability analysis and proof-of-concept development.
• Understanding of cloud security fundamentals (AWS, GCP, Azure).
• Understanding of the modern software development lifecycle (code reviews, CI, CI-based controls, CD, packaging)
• Experience in secure coding and conducting effective security-focused code reviews.
• An analytical and problem-solving mindset, with the ability to work both independently and in a team.

We’d be particularly thrilled if you have:

• Experience building security pipelines and integrating them into developer workflows and CI/CD.
• Experience in security design review, security architecture, system hardening and risk assessment.
• Experience developing internal security tools or plugins for developer teams.
• Experience applying AI/LLM in security tooling or processes.
• Programming skills in one of Kotlin, Java, Python, or Go.
• Knowledge of desktop application security (Windows, macOS, Unix).
• Hands-on experience with SAST, DAST, SCA, and fuzzing.
• Experience with bug bounty programs — as a researcher or a triager.
• Participation in CTFs or other practical security competitions.
• Any relevant certifications such as OSCP, OSWE, GXPN, CISSP.
• Familiarity compliance and regulatory frameworks such as GDPR, SOC 2, ISO 27001, and emerging AI regulations

We process the data provided in your job application in accordance with the Recruitment Privacy Policy (https://www.jetbrains.com/legal/privacy/privacy-recruitment.html)