SDLC Security Engineer, Product Security

We are seeking a highly experienced and technically proficient SDLC Architect to join our Product Security team. This critical role is centered on designing, defining requirements for, and leading the implementation of a world-class Software Development Lifecycle (SDLC) process with a paramount focus on security. Our objective is to embed security seamlessly and efficiently into every phase of development, from initial concept to deployment and beyond. The primary focus of this position is to work with our Secure SDLC. This involves a deep partnership with engineering, product management, and operations teams to ensure that security is a consistent and non-negotiable requirement throughout the product development pipeline.

 

What You’ll Do:

• SDLC Design and Optimization: Design, document, and champion an end-to-end Secure SDLC that aligns with industry best practices, regulatory requirements, and the specific needs of our product portfolio.
• Security Automation and Tooling: Identify, evaluate, and integrate security tools and controls (e.g., SAST, DAST, SCA, IAST, secret scanning) directly into the CI/CD pipelines to automate security gates and checks.
• Balancing Security and Velocity: The core goal is to build an SDLC that expertly maximizes developer productivity and agility while simultaneously ensuring that all security requirements placed upon our products—including data protection, compliance, and threat mitigation—are consistently met and verifiable.
• Requirement Definition: Translate high-level security policies and risk management objectives into clear, actionable, and testable technical requirements for development teams.
• Developer Enablement: Develop and deliver training, guidelines, and documentation to empower developers to write secure code from the outset, adopting a "Security as Code" mindset.
• Collaboration and Reporting: This role requires close collaboration with all engineering disciplines and involves participation in the Platform Security team's daily operations, including incident response and threat modeling as needed.
• Reporting Structure: This vital role reports directly to the Director of Platform Security, who is based in our Gothenburg office.

 

What You’ll Bring:

• 3+ years of relevant professional experience
• Proven background in software development, specifically in designing and implementing robust SDLC processes and CI/CD pipelines
• Solid expertise in computer security principles
• A strong ability to assess risks and make informed decisions
• A keen interest in finding and balancing security needs with developer productivity
• Excellent communication skills and the ability to effectively build relationships across different teams