Senior Security Engineer - Application

The Security team partners across the company to help Preply grow safely and sustainably. We are responsible for platform security, application and product security, security operations, and incident response. We work closely with SRE, Data teams, Engineering teams, and our GRC function to make security practical, measurable, and scalable.

We work in small teams, which means you'll have high ownership, real influence on technical decisions, and the opportunity to drive meaningful improvements across the company. We promote self-direction, strong collaboration, and a culture where trust and clear communication matter.

We have diverse technical challenges that will allow you to develop your skills across the stack - sometimes we write about them in our Engineering Blog! Please, also visit our Tech Radar and our YouTube channel to learn more about the technologies we use at Preply!

What you'll be doing:

• Own application and product security, partnering closely with engineering teams to improve security outcomes across the full SDLC
• Act as a strong technical voice in how we design, build, ship, and operate secure systems, driving initiatives end-to-end through influence, collaboration, and hands-on execution
• Work hands-on with our core backend stack (Python, Django), reading and writing code, contributing improvements, and building automation to scale security with product engineering teams to embed security into planning, design, and delivery, without slowing teams down
• Participate in architecture discussions and design reviews to identify risk early and propose pragmatic mitigations
• Lead and facilitate threat modeling for new features and significant changes, and translate results into prioritized engineering work
• Improve the secure SDLC end-to-end: requirements, secure design, implementation guidance, testing, release, and operational readiness
• Build "paved paths" and guardrails that make secure choices the default (libraries, patterns, templates, CI checks)
• Mature code and application security tooling, including selection, rollout, and adoption:

• SAST, SCA (We now use Snyk), secret scanning, and relevant DAST/API testing where it adds signal
• Integrate findings into developer workflows with clear ownership, SLAs, and low-friction remediation

• Proactively discover security issues through code review support, automation, security testing, and targeted assessments Improve vulnerability management for application and product security findings: triage, prioritization, remediation, verification, and trend reporting

• Create and deliver training and enablement for engineers (secure coding, common pitfalls, new patterns), and help grow security champions across teams

• Partner with GRC to ensure security requirements and controls are feasible, well understood, and evidenced through real engineering practice

• Lead engineering wide initiatives, managing stakeholders and aligning with business to deliver high impact results

Do you have experience in SaaS?, * Strong experience in application and product security in modern web environments, with a track record of improving security outcomes across the SDLC

• Strong coding ability and comfort working in a Python/Django codebase (reading, writing, reviewing, and proposing improvements)
• Demonstrated experience influencing engineering teams through design reviews, threat modeling, and practical guidance
• Strong understanding of common web and API security risks (OWASP Top 10, auth and session risks, SSRF, injection, access control issues, secrets exposure, unsafe deserialization, etc.) and how they show up in real systems
• Experience selecting, introducing, and scaling security tooling in CI/CD (SAST, SCA, secret scanning, and related controls), including tuning to reduce noise and improve developer adoption
• Ability to turn findings into action: clear severity, ownership, prioritization, and verification, with an emphasis on automation and repeatability
• Strong communication skills and the ability to collaborate across Product Engineering, Platform Engineering, SRE, Data teams, and GRC
• Business-oriented mindset and comfort making cost-benefit tradeoffs
• Willingness to participate in on-call rotations and partner effectively with SRE during incidents

Nice to have:

• Security experience with identity and authorization patterns (OAuth/OIDC, SSO, RBAC/ABAC), especially in SaaS products
• Experience with cloud-native environments and security controls that impact applications (AWS, Kubernetes, infrastructure boundaries)
• Experience building internal security libraries, developer platforms, or guardrails that scale across teams
• Experience with bug bounty programs, pentesting workflows, or coordinated disclosure processes
• Mobile security experience

Why you'll love it at Preply:

• An open, collaborative, dynamic and diverse culture;
• A generous monthly allowance for lessons on Preply.com, Learning & Development budget and time off for your self-development;
• A competitive financial package with equity, leave allowance and health insurance;
• Not in Barcelona? We offer an attractive relocation package to join us in our Preply Barcelona Hub
• Access to free mental health support platforms;
• Access to Gympass-partnered wellness and gym centers throughout Spain to promote and support well-being and physical health;
• The opportunity to unlock the potential of learners and tutors through language learning and teaching in 175 countries (and counting!).

At Preply, we're all about creating life-changing learning experiences. We help people discover the magic of the perfect tutor, craft a personalised learning journey, and stay motivated to keep growing. Our approach is human-led, tech-enabled - and it's creating real impact. We've just reached unicorn status with a $150M Series D, accelerating our vision to transform education through human-led, AI-enhanced learning. Today, 100,000+ tutors teach 90+ languages to learners in 180 countries - and we're only getting started. As a category-defining company, we're shaping what the future of learning looks like at global scale. Every Preply lesson sparks change, fuels ambition, and drives progress that matters. Joining Preply means helping define the future of education at global scale, and building something that truly matters for millions of people, every day., * Care to change the world - We are passionate about our work and care deeply about its impact to be life changing. * We do it for learners - For both Preply and tutors, learners are why we do what we do. Every day we focus on empowering tutors to deliver an exceptional learning experience. * Keep perfecting - To create an outstanding customer experience, we focus on simplicity, smoothness, and enjoyment, continually perfecting it as every detail matters. * Now is the time - In a fast-paced world, it matters how quickly we act. Now is the time to make great things happen. * Disciplined execution - What makes us disciplined is the excellence in our execution. We set clear goals, focus on what matters, and utilize our resources efficiently. * Dive deep - We leverage business acumen and curiosity to investigate disparities between numbers and stories, unlocking meaningful insights to guide our decisions. * Growth mindset - We proactively seek growth opportunities and believe today's best performance becomes tomorrow's starting point. We humbly embrace feedback and learn from setbacks. * Raise the bar - We raise our performance standards continuously, alongside each new hire and promotion. We build diverse and high-performing teams that can make a real difference. * Challenge, disagree and commit - We value open and candid communication, even when we don't fully agree. We speak our minds, challenge when necessary, and fully commit to decisions once made. * One Preply - We prioritize collaboration, inclusion, and the success of our team over personal ambitions. Together, we support and celebrate each other's progress.