Application Security Engineer

Job description

Our company

At Proton, we envision an internet where privacy is the default, and we’re building ways to help all people secure their digital lives and take control of their data.ProtonMail was founded in 2014 by a group of scientists who met at the European Organization for Nuclear Research (CERN). And since its inception, the company has grown at a fast pace and today has over 40 million users. 

Our principal product, ProtonMail, is the world’s largest secure email service. Our second product, ProtonVPN, is one of the world’s most popular VPN services. Our vision is to build an internet platform for the protection of digital rights, and we are also developing additional products, including ProtonCalendar, ProtonDrive, and more to come.Proton users include leaders of the Hong Kong protest movement, New York Times journalists, some of the world’s largest corporations, and millions of ordinary citizens from over 180 countries. Our team is diverse and dynamic, representing over 30 different nationalities, with offices in Geneva, Zurich, Prague, Vilnius, Skopje, and Taipei.


About the position

We are looking for a reliable and diligent engineer, with good judgment and track record in software security engineering, who can bring their experience to Proton. You will have an opportunity to contribute to advancing security, while working with other Security Engineers, Product Managers, and Developers throughout the Proton organization to instill a core security mindset and culture. This job provides an opportunity for contributing to technical security leadership, inside and outside of Proton. And will allow you to stay on top of current developments for the benefit of Proton products and services.

What you will do:

  • Assessing, documenting, and communicating the analysis of cyber vulnerabilities, threats, and risks.
  • Configuring and integrating SAST and other security processes into Proton’s development infrastructure.
  • Driving security threat model exercises.
  • Researching and planning for emerging threats and vulnerabilities.

Job requirements

  • BS or MS in Computer Science, a related field, or equivalent experience.
  • Strong coding and debugging skills including C#, Python, PHP, Javascript.
  • 5+ years of experience testing web services, identifying, and remediating OWASP top 10 security flaws, and understanding large complex systems quickly.
  • Experience in penetration testing and/or static code analysis.
  • Strong background in customizing static, dynamic, and runtime analysis tools.
  • Experience developing for Windows, IOS, Android and/or Linux.
  • Demonstrated experience working with open-source projects.
  • Strong Operational Security skills.

     Knowledge in the following areas is considered a plus:

    • Knowledge of cyber security concepts and the ability to apply this knowledge to hunt for insights that can help optimize and reduce time for security investigations.
    • Foundational knowledge in information technology, including cloud services, hardware, networking, architecture, protocols, file systems, and operating systems.
    • Ability to communicate complex and technical issues to diverse audiences, orally and in-writing, in an easily understood, authoritative, and actionable manner.
    • Working knowledge of RESTful web APIs and complex systems
    • Any security certifications such as SANS , ISC2.


    Why you should join Proton:

    • We work on interesting, challenging problems every day. There is never a dull moment.
    • Our startup culture means everyone’s opinion matters. You can have a significant impact.
    • Our rapid growth means there are many opportunities for advancement.
    • The chance to do something meaningful. Proton products protect dissidents, journalists, and activists. Our work saves lives.
    • Be part of something bigger. Millions of people and businesses around the world have embraced our idea of an Internet where privacy and security are the default. Join the privacy revolution that is changing the world.


    ProtonMail is using Recruitee recruitment platform for more effective hiring and better candidate experience. Your data will be kept confidential and not shared with any third parties.

    Keep in mind that you will receive emails from careers@protonmail.recruitee.com email or other addresses on the protonmail.recruitee.com domain.