Lead Security Engineer - Application Engineering

Engineering · Full-time · Global

Job description

In 2013, while living abroad, our founders set out to create an online tool that could turn huge PDFs into small, easy-to-send versions in order to send updates to their families. As it turns out, they weren't the only ones with this problem. 10 years later, Smallpdf is one of the most popular PDF tools in the world and among the most visited websites globally. With products available in 24 languages, the site has visitors from every single country in the world, plus Antarctica, and processes millions of documents each day.

In 2022, we took a big step forward by acquiring PDF Tools, a Zurich-based pioneer for products that help to create, manipulate, and validate PDF and PDF/A files to support and improve our customers’ document workflows.

As a team of over 100 people from 34 nationalities in our offices in Zurich, Belgrade, and Barcelona, we're proud to have made PDFs and life a little bit easier for over a billion customers across our web, mobile, and desktop applications. Our reputation for Swiss engineering standards has made us a trusted choice for industry leaders like Lufthansa, UBS, Swiss Life, and millions of people worldwide.

What you will do:

  • As Senior Security Engineer at Smallpdf, you will lead the efforts to ensure that our software and systems are designed and implemented to the highest security standards
  • You will perform technical security assessments, code reviews, vulnerability testing, and advanced monitoring to highlight risks, helping Smallpdf improve security
  • You will also work closely with other engineers to design and build processes and guidelines to enhance our security
  • You will participate actively in ISO 27001 certification and PCI DSS 4.0 SAQ certification
  • You will coordinate cybersecurity risk assessment and routine penetration testing

Responsibilities:

  • Partner with internal product teams to continuously improve the security of our product
  • Conduct research to identify new attack vectors against Smallpdf products and services
  • Develop technical solutions to help mitigate security vulnerabilities
  • Promote and advise on security and secure practices throughout Smallpdf
  • Contribute to the certification and audit processes (ISO 27001, PCI DSS 4.0 SAQ, SOC 2)
  • Foster a culture of security awareness within Smallpdf
  • Collaborate with developers to integrate security best practices into the application development process (DevSecOps)
  • Design, implement, and maintain security controls for our cloud-based applications using L7 security tools (e.g., Web Application Firewalls)
  • Develop and document security policies and procedures

Requirements:

  • Bachelor's degree in Computer Science or equivalent practical experience
  • Excellent communication and collaboration skills
  • Technical knowledge of security engineering, computer and network security, authentication, and security protocols
  • Experience in coordinating and validating penetration tests
  • Familiarity with common vulnerabilities (OWASP, etc.)
  • Experience working with cloud providers (we’re on AWS)
  • Experience working with one of the popular L7 WAF solutions
  • Experience coding/scripting in one or more general-purpose languages, including but not limited to Go, Python, JavaScript, Terraform, etc.
  • Fluent in English
  • Zurich, Barcelona, or Belgrade

Nice to have:

  • Experience with CI/CD tools and workflows (Jenkins, GitHub Actions, etc.)
  • Container security-related experience
  • Experience working with Golang
  • Experience with DevSecOps methodologies and tools (CI/CD pipelines, IaC)
  • Certifications (e.g., AWS Security Specialty, CCSP)

Why Smallpdf?

Here, every task and challenge is an opportunity to innovate and make a genuine impact. We're a driven team - pragmatic, goal-focused, and always eager to solve the next big problem. This isn’t a place for mere management or grand visions detached from reality; it’s a ground for hands-on champions ready to roll up their sleeves. If you're someone who's willing to dive deep into the action, someone who's more about the journey than just the title, Smallpdf is your destination.

Our benefits

🌍  You get to impact how over 60 million people get work done monthly.

🚀  Push boundaries and dare to fail—that’s how we learn!

🏝️  30 vacation days—yep, you read that right—you can take them whenever you need them.

🧳  Need a long break? We offer sabbatical leave to employees who’ve been with us for over two years.

👶  16 weeks parental leave—100% of your salary—for all new parents.

🐶  Don’t leave your four-legged friends at home; our offices are pet-friendly.

📚  A personal development budget of up to 2,000 CHF every year, plus days off for courses or training.

🥧  Possibility of a Phantom stock option plan (PSOP). (Conditions apply.)

🧑‍🏫 We offer 1-1 coaching sessions to individual contributors and employees in leadership positions through our external partner 'BetterUp'.

👩‍💻  Hack days to challenge you and your team, plus build amazing things.

Smallpdf is an equal-opportunity employer. We believe our greatest strength is a talented, diverse, and inclusive workforce. We strongly oppose any form of hiring or workplace discrimination against candidates or employees on any basis, including race, gender, sexual orientation, age, religion, philosophy, nationality, disability, or genetic information. We’re committed to fostering a safe, supportive environment where everyone can come to work as their full selves and reach their greatest potential.

Submitting your application allows Smallpdf to handle and store your data.

Smallpdf does not seek or accept unsolicited applications or CVs from recruitment agencies. We are not responsible for and will not pay any fees, commissions, or any other payment related to unsolicited applications or CVs except as required in a written contract between Smallpdf and the recruitment agency or party requesting payment of a fee.