Application Security Engineer

Tradeshift, Bucharest, Romania

Procure-to-pay, Supplier Engagement for Enterprise Procurement

We’re looking for candidates with a strong engineering background looking to take on the challenges that accompany securing an open app platform that handles hundreds of billions of transactions annually.

Tradeshift is composed of a distributed system of Javascript, Java and Scala applications built using the Spring framework and communicating via RESTful interfaces.  The platform was built to be extensible with 3rd parties as well as internal developers able to develop applications to provide value to end users.  

We believe in an integrated approach to application security and that prevention is better than a cure.  We also believe that communication skills and the ability to help others can amplify the impact of an engineer 10x.  We take security very seriously and work very hard to include it throughout our software lifecycle from the design process all the way through how we operate the platform.

What you will be doing:

  • Perform security related design and implementation reviews for the platform
  • Automate to improve the abilities of other engineers to develop and maintain secure code
  • Find and remediate security flaws across the software stack
  • Coordinate with researchers on our bug bounty program to close exposed vulnerabilities
  • Consult across teams on secure architecture design and implementations
  • Propose, evaluate and build innovative new security features to benefit our users
  • Assist with security incident response as needed
  • Be a security evangelist across all of Tradeshift
  • Train other developers to help them build more secure products
  • Work with external pen testers to continually improve security on the platform

About you:

  • Great communication skills to help build a strong security culture
  • Expertise in conducting design reviews and remediating security issues in existing code
  • Ability to help resolve flaws and errors in an empathetic manner
  • Solid foundation in web application security including Node.Js applications
  • Experience with penetration testing against applications
  • Deep proficiency in Java development, Groovy and Grails a plus
  • Experience working with sensitive data like credit cards and other PII
  • Proficiency in implementing sandboxing solutions
  • BS in Computer Science or a related technical field / equivalent experience
  • 4+ years of industry experience engineering web facing systems
Culture & Perks:
Tradeshift is a very special place. What makes and keeps us special is our people and how we work together. Our culture was formed from day one when three Danes poured their heart and soul into creating a platform that could connect every business in the world. We expect each employee to approach their job at Tradeshift with the same amount of pride and passion and embody the Tradeshift culture that makes us the best company in history.

At the center of Tradeshift’s values is the belief that the single most important thing we do is continue to hire the best people and create a workplace where they can thrive. To reward our employees for the great work they’re doing we offer a number of perks and benefits, including:

•   Ambitious international startup
•   An agile environment in Bucharest, Romania
•   A highly skilled international team that is working on a global product from a strong strategic vision
•   Competitive compensation package
•   Career and professional development opportunities (workshops, trainings etc.)
•   Trips to design-camps for working with and learning from professionals in other countries
•   Flexible working hours/ vacation policy
•   Company laptop
•   Medical Insurance
•   Meal tickets of 15 lei value for each working day
•   Fresh fruits every Wednesday
•   Free drinks & snacks
•   Safe outdoor bike parking spot
•   Access to Bookster
•   Friendly and relaxed working atmosphere
•   Relaxing spots, games - ping pong, board games
•   Company events like Team Camps, Hackathons, Field Days, Welcome Breakfast, Happy Hours, Birthdays Celebrations etc.

About Tradeshift

The Tradeshift story So three Danes walk into a garage... It began with a dream. In 2005, entrepreneurs Christian, Mikkel and Gert had a vision: to connect every business in the world. So when the Danish National IT & Telecom Agency asked them to create an e-invoice network, they saw an opportunity to create something bigger. First, they built EasyTrade, the world’s first open-source trade platform.* (Did they blow a few minds and break some rules along the way? You bet they did.) Then, the trio got to work again. This time, to realize their vision of an open business platform for the whole world, not just Europe. A platform that would transform the way businesses work together. From broken to efficient; from complicated to simple; from archaic to modern. And so, Tradeshift was born.

Want to learn more about Tradeshift? Visit Tradeshift's website.