Senior Application Security Engineer

Senior Application Security Engineer

Engineering

Prolific is not just another player in the AI space – we are the architects of the human data infrastructure that's reshaping the landscape of AI development. In a world where foundational AI technologies are increasingly commoditized, it's the quality and diversity of human-generated data that truly differentiates products and models.

The role

Security at Prolific isn't an afterthought, it's foundational to how we build. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, the security of our application layer is critical. We handle participant data, researcher credentials, payment flows, and API integrations that demand rigorous protection at the code level. As a Senior Application Security Engineer, you'll be the technical authority on application security at Prolific. You'll work hands-on with our engineering teams to find and fix vulnerabilities in our codebase, perform security testing, build security tooling, and embed secure development practices into how we ship software. This isn't a governance or policy role, you'll be in the code, reviewing pull requests, threat modelling new features, and building the automation that keeps our platform secure as we scale. You'll report to the Head of Engineering/Platform and work cross-functionally with product engineering, platform, data, and TechOps teams.

What you’ll bring to the role

• Several years in application/product security or security engineering
• Strong knowledge of OWASP Top 10 (Web & API) and modern attack paths (e.g. auth flaws, SSRF, injection, business logic abuse, supply chain)
• Experience working with complex, large-scale systems and modern architectures
• Hands-on security testing experience (especially Burp Suite) across web apps and APIs
• Python for security tooling, automation, or custom detection (Django a plus)
• Experience implementing and tuning SAST, SCA, DAST, and secret scanning in CI/CD
• Practical threat modelling experience, including leading lightweight sessions
• Strong collaboration skills, able to clearly explain issues and drive remediation
• Builder mindset, you automate wherever possible

Nice to haves.

• Experience with Django, Vue.js, MongoDB, GCP
• Security champions or bug bounty programmes
• Supply chain security (SCA, SBOMs, dependency review)
• IaC security (e.g. Terraform, policy-as-code)
• Hands-on certifications (OSCP, GWAPT, BSCP)
• Experience in scaling environments building out security practices

What you’ll be doing in the role

You’ll help secure Prolific’s applications end-to-end, from hands-on testing and code review to threat modelling and CI/CD security. You’ll partner closely with engineers to identify and fix vulnerabilities, build and tune security tooling, and embed secure development practices across the SDLC. This includes running penetration tests, improving detection coverage, and staying ahead of emerging threats to continuously strengthen our security posture.

Why Prolific is a great place to work

We've built a unique platform that values quality and security in AI development.