Senior Application Security Engineer

Join Proton and build a better internet where privacy is the defaultAt Proton, we believe that privacy is a fundamental human right and the cornerstone of democracy.
Since our inception in 2014, founded by a team of scientists from CERN, we have dedicated ourselves to providing free and open-source technology to millions worldwide, ensuring access to privacy, security, and freedom online.Our journey began with Proton Mail, the largest secure email service globally, and has since expanded to include Proton VPN, Proton Calendar, Proton Drive, and Proton Pass.
These tools empower individuals and organizations to take control of their personal data, break away from Big Tech's invasive practices, and defeat censorship.
Our work impacts hundreds of millions of lives, from activists on the front lines defending freedom to leaders in governments protecting sensitive information.
In some cases, Proton's services have even been instrumental in saving lives by enabling secure and private communications in high-risk situations.Proton is a profitable company that does not rely upon VC funding, supporting over 100 million user accounts with a growing team of over 500 people from over 50 different countries, from the world's top companies and universities.
We value intelligence, learning potential, and ambition in our hiring process.
Adaptability is key as we navigate uncharted territories and redefine how business is conducted online.Hiring at Proton is highly selective, with less than 1% of candidates hired.
We believe smaller teams of exceptional talent will always prevail over larger teams with lower talent density.
You will have the opportunity work with many of the world's top minds in their fields, ranging from former international math and science olympiad winners to chess champions.We have a global mindset and big ambitions but remain a start-up at heart.
We value empowerment and flexibility and keep our structure flat to keep moving fast and avoid unnecessary politics.
Tired of blending into the crowd?
Join us and do work you can truly be proud of.
Check ouropen-sourceprojectshere!The Team:The Security team is tasked with protecting Proton's and its users against various cyber-security threats.
We ensure the confidentiality, availability and integrity of thousands of assets, necessary to the fulfillment of Proton's privacy mission.
Since 2018, the team has been providing services to other business units, including security monitoring, risk management, internal advisory, product security, vulnerability management and identity & access management.
Our mandate includes the protection of people, devices, applications, infrastructure, data, software and our products.
We work mainly with on-prem infrastructure and open source tools.The security team is small yet mighty.
We are a close-knit group of people who work hard to help Proton achieve its mission.
We strongly believe that we cannot protect our users' privacy if we do not protect the company's security.Tech Stack and Tools:Proton currently offers the following products: Mail, Calendar, VPN, Pass, Drive, each of which is available on multiple platforms, including Windows, MacOS, iOS and Linux.Our infrastructure is entirely composed of Linux machines.Wherever we can, we make use of open-source technologies.About the role:You will be leading our efforts to ensure that Proton's applications are secureWhat you will be doing:Perform penetration tests on Proton products, both those released to the public and notSupport bug bounty triage by reproducing submissions and assessing their potential impactWorking with engineering teams to remediate identified bugsIdentifying and implementing improvements in product security and secure codingWork with the wider Security and developer units to create security guidelinesDemonstrate the value of an "assume breach" mentalityPerform threat modeling and security reviews: review the design of services from a security perspective to identity vulnerabilities and weaknesses in the architecture and designWhat we are looking for:Proven experience in organizing and executing penetration tests/red team operationsA proactive and creative application security engineerA proactive and creative mindset to come up with efficient and effective ways to continuously improve the security of our productsExpertise in threat modelingExperience with at least two of the followingiOSAndroidWindowsMacOSLinuxStrong skills in coding and code review for at least two of the followingGoRustPythonNice to have:Experience or knowledge about open source tools for application security testingExperience in automationA toolbox for application security testingExperience or knowledge of infrastructure penetration testsEven if you don't meet all the requirements listed above, but feel you could still be a great fit, please still apply.What We OfferOffice First:Collaboration is easier and more effective in person, which is why we have offices in Geneva, Zurich, Prague, Barcelona, Paris, London, Vilnius, Skopje, and Taipei.
You can also enjoy working from home up to 30% of the time, while enjoying great company during our three core days in the office.
Depending on the role, fully remote positions may also be available.Technology:We provide all the devices and software you need to excel in your role, ensuring you have the best tools at your disposal to achieve your goals.Food:Lunch and snacks are provided by Proton every day at our offices.Transport:We will always support our employees with transport costs through subsidizing public transport, bike allowances, or parking spaces based on your office location.Stock Options:At Proton, we are all owners of the company and you get stock options when you join us.Flexible Working:You can define your own working hours as long as it works with team meetings.Learning and Development:We are committed to your professional growth.
Proton offers various learning opportunities, including training programs, conferences and events, and continual learning.Employee Benefits:Comprehensive health insurance plans, competitive retirement savings options, generous vacation and leave policies, and wellness programs.Work that Matters:Proton is a community-first organization, started with the support of a crowdfunding campaign and built with community input.
To this day, Proton's only source of revenue is user subscriptions.
Over 100 million people trust and support Proton, and we put our users and community first in everything we do.
Read more about our impact here.Our Commitment to Diversity and InclusionAt Proton, we believe diversity drives innovation and strengthens our mission to provide privacy as a default for all.
We are committed to fostering an inclusive environment where all individuals, regardless of race, ethnicity, gender, age, sexual orientation, physical ability, or socio-economic background, feel valued and empowered.
We strive to create equal opportunities, promote open dialogue, and support continuous learning to ensure every voice is heard and respected.If you need any extra support or reasonable adjustments during the hiring process, please let your talent partner know.Candidate Privacy NoticeWhen you apply for a position, refer a candidate, or are considered for a role at Proton Technologies AG (Proton, we, us, or our), your information is stored in Greenhouse, in accordance with their Service Privacy Policy.
This information is used to evaluate your suitability for the posted position.
We also retain this information for consideration for future roles that you may apply for or that we believe may align with your background and skills.If we no longer have a legitimate business need to process your information, we will either delete or anonymize it.
Should you have any inquiries about how we use or manage your information, or if you wish to access, correct, or delete your data, please contact our privacy team at ****** does not accept unsolicited resumes from any sources other than directly from candidates.
We will not pay a fee for any placement resulting from an unsolicited offer, even if the candidate is subsequently hired by Proton.To learn more about our privacy policy, please visit our privacy policy page.#LI-Onsite#J-18808-Ljbffr