Senior II Security Engineer - Application

Responsibilities

• Own application and product security, partnering closely with engineering teams to improve security outcomes across the full SDLC
• Act as a strong technical voice in how we design, build, ship, and operate secure systems, driving initiatives end-to-end through influence, collaboration, and hands-on execution
• Work hands-on with our core backend stack (Python, Django), reading and writing code, contributing improvements, and building automation to scale security with product engineering teams to embed security into planning, design, and delivery, without slowing teams down
• Participate in architecture discussions and design reviews to identify risk early and propose pragmatic mitigations
• Lead and facilitate threat modeling for new features and significant changes, and translate results into prioritized engineering work
• Improve the secure SDLC end-to-end: requirements, secure design, implementation guidance, testing, release, and operational readiness
• Build "paved paths" and guardrails that make secure choices the default (libraries, patterns, templates, CI checks)
• Mature code and application security tooling, including selection, rollout, and adoption:
• SAST, SCA (We now use Snyk), secret scanning, and relevant DAST/API testing where it adds signal
• Integrate findings into developer workflows with clear ownership, SLAs, and low-friction remediation
• Proactively discover security issues through code review support, automation, security testing, and targeted assessments
• Improve vulnerability management for application and product security findings: triage, prioritization, remediation, verification, and trend reporting
• Create and deliver training and enablement for engineers (secure coding, common pitfalls, new patterns), and help grow security champions across teams
• Partner with GRC to ensure security requirements and controls are feasible, well understood, and evidenced through real engineering practice
• Lead engineering wide initiatives, managing stakeholders and aligning with business to deliver high impact results
• What you need to succeed:
• Strong experience in application and product security in modern web environments, with a track record of improving security outcomes across the SDLC
• Strong coding ability (reading, writing, reviewing, and proposing improvements) in any programming language
• Demonstrated experience influencing engineering teams through design reviews, threat modeling, and practical guidance
• Strong understanding of common web and API security risks (OWASP Top 10, auth and session risks, SSRF, injection, access control issues, secrets exposure, unsafe deserialization, etc.) and how they show up in real systems
• Experience selecting, introducing, and scaling security tooling in CI/CD (SAST, SCA, secret scanning, and related controls), including tuning to reduce noise and improve developer adoption
• Ability to turn

Benefits

Additional Information

We power people's progress. At Preply, we're all about creating life-changing learning experiences. We help people discover the magic of the perfect tutor, craft a personalised learning journey, and stay motivated to keep growing. Our approach is human-led, tech-enabled - and it's creating real impact. We've just reached unicorn status with a $150M Series D, accelerating our vision to transform education through human-led, AI-enhanced learning. Today, 100,000+ tutors teach 90+ languages to learners in 180 countries - and we're only getting started. As a category-defining company, we're shaping what the future of learning looks like at global scale. Every Preply lesson sparks change, fuels ambition, and drives progress that matters. Joining Preply means helping define the future of education at global scale, and building something that truly matters for millions of people, every day. Meet the team! The Security team partners across the company to help Preply grow safely and sustainably. We are responsible for platform security, application and product security, security operations, and incident response. We work closely with SRE, Data teams, Engineering teams, and our GRC function to make security practical, measurable, and scalable. We work in small teams, which means you'll have high ownership, real influence on technical decisions, and the opportunity to drive meaningful improvements across the company. We promote self-direction, strong collaboration, and a culture where trust and clear communication matter. We've reached 90%+ adoption of AI coding tools across engineering, and we're now moving towards more autonomous, AI-Augmented development at scale. At Preply, engineers have direct access to the best tools available, with the freedom to use them fully and experiment as they build. We have diverse technical challenges that will allow you to develop your skills across the stack - sometimes we write about them in our Engineering Blog ! Please, also visit our Tech Radar and our YouTube channel to learn more about the technologies we use at Preply!

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at preply? Share your experience