[Hiring] Senior Application Security Engineer @Prolific

Role Description

Security at Prolific isn't an afterthought, it's foundational to how we build. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, the security of our application layer is critical. We handle participant data, researcher credentials, payment flows, and API integrations that demand rigorous protection at the code level.

As a Senior Application Security Engineer, you'll be the technical authority on application security at Prolific. You'll work hands-on with our engineering teams to find and fix vulnerabilities in our codebase, perform security testing, build security tooling, and embed secure development practices into how we ship software. This isn't a governance or policy role, you'll be in the code, reviewing pull requests, threat modelling new features, and building the automation that keeps our platform secure as we scale.

You'll report to the Head of Engineering/Platform and work cross-functionally with product engineering, platform, data, and TechOps teams.

Qualifications

• Several years in application/product security or security engineering
• Strong knowledge of OWASP Top 10 (Web & API) and modern attack paths (e.g. auth flaws, SSRF, injection, business logic abuse, supply chain)
• Experience working with complex, large-scale systems and modern architectures
• Hands-on security testing experience (especially Burp Suite) across web apps and APIs
• Python for security tooling, automation, or custom detection (Django a plus)
• Experience implementing and tuning SAST, SCA, DAST, and secret scanning in CI/CD
• Practical threat modelling experience, including leading lightweight sessions
• Strong collaboration skills, able to clearly explain issues and drive remediation
• Builder mindset, you automate wherever possible

Requirements

• Experience with Django, Vue.js, MongoDB, GCP
• Security champions or bug bounty programmes
• Supply chain security (SCA, SBOMs, dependency review)
• IaC security (e.g. Terraform, policy-as-code)
• Hands-on certifications (OSCP, GWAPT, BSCP)
• Experience in scaling environments building out security practices

Benefits

• Competitive salary
• Benefits
• Remote working
• Impactful, mission-driven culture