Product Security Engineer (m/f/d)

Position: Product Security Engineer (m/f/d)
Location:  Available to candidates located in Poland

Aras is expanding its Product Security team and is seeking a Product Security Engineer with strong DevSecOps expertise to help secure our products, cloud platforms, and software development lifecycle. This role will be responsible for designing, implementing, and maintaining secure CI/CD pipelines, integrating security controls throughout the development process, and driving a security-first engineering culture across product and cloud teams.
As part of the Product Security organization, you will partner closely with software engineers, cloud architects, DevOps teams, and security stakeholders to identify, prioritize, and remediate security risks at scale. You will play a key role in advancing Aras' DevSecOps maturity while helping shape the future of Agentic Security by leveraging automation, AI-assisted security workflows, and autonomous security operations.

This position requires strong technical expertise, excellent communication skills, and hands-on experience integrating SAST, DAST, SCA, container security, and cloud security controls into modern CI/CD
environments.

Key Responsibilities
DevSecOps Engineering
• Design, develop, and maintain secure CI/CD pipelines using Jenkins, Kubernetes, Azure, and cloud-native technologies.
• Integrate security controls and automated security testing into the software delivery lifecycle.
• Implement and manage SAST, DAST, SCA, secrets detection, IaC scanning, container security, and software supply chain security controls.
• Drive security automation initiatives to reduce manual effort and accelerate secure software delivery.
• Partner with engineering teams to remediate identified vulnerabilities and security gaps in a timely manner.
Product Security
• Collaborate with product, development, and cloud engineering teams to embed security requirements throughout the SDLC.
• Conduct security reviews of applications, infrastructure, CI/CD workflows, and deployment architectures.
• Support threat modeling, risk assessments, and secure design reviews.
• Help establish security baselines, hardening standards, and secure deployment practices. Agentic Security & Security Automation
• Leverage AI-powered security tooling to improve vulnerability management, detection, triage, and remediation workflows.
• Develop automated security guardrails and policy enforcement mechanisms for developer self- service platforms.
• Contribute to secure AI adoption initiatives, including AI governance, model security, and protection of AI-assisted development workflows.

Engineering & Collaboration
• Develop automation solutions using Python, PowerShell, Bash, or Groovy.
• Provide expertise in Agile.
• Participate in daily standups, sprint planning, retrospectives, and collaborative design sessions.
• Continuously evaluate new tools, technologies, and approaches to improve security effectiveness and developer experience.

Required Qualifications
• 2+ years of hands-on experience with Jenkins or similar CI/CD platforms.
• 2+ years of software development, automation, or scripting experience using Python, PowerShell, Bash, or equivalent languages.
• Experience integrating security tooling into CI/CD pipelines, including SAST, DAST, SCA, container scanning, and secrets management.
• Working knowledge of cloud security principles and services in Azure and/or AWS.
• Understanding of containerized environments and Kubernetes security concepts.
• Experience collaborating with engineering teams in Agile development environments.
• Strong analytical, troubleshooting, and problem-solving skills.
• Self-motivated with the ability to work independently and manage multiple priorities.
• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or equivalent practical experience.