National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Senior Application Security Engineer

ProtonMail
Greater London
11 months ago
Create job alert

A better internet, where privacy is the default, is possible. Building this better internet might seem daunting or even unthinkable, but at Proton, this is what we do every day.

Proton was founded in 2014 by a group of scientists who met at the European Organization for Nuclear Research (CERN). Our first product, Proton Mail, is now the world’s largest encrypted email service. Subsequent Proton products, such as Proton VPNProton Calendar,Proton DriveandProton Pass give our users full control over how and with whom their data is shared.

Today, Proton makes privacy universally accessible. Journalists from outlets like The Guardian and The New York Times, some of the world’s largest organizations, and people in more than 180 countries have signed up for over 100 million accounts. Our diverse and dynamic team is made up of more than 400 members representing over 40 different nationalities. While we are based in Geneva, Switzerland, we have offices in Zurich, Prague, London, Vilnius, Skopje, Taipei, Paris, Barcelona and many more employees working remotely around the world.

Join one of Europe’s fastest-growing companies to help us solve challenging problems and build new products that will reach hundreds of millions of people. We want to create more than just one of the world’s most impactful tech companies; we want to create a new internet that serves the interests of all people. We need you, your voice, your ideas, and your ambition to make it happen.

The Team:

The Security team is tasked with protecting Proton’s and its users against various cyber-security threats. We ensure the confidentiality, availability and integrity of thousands of assets, necessary to the fulfillment of Proton’s privacy mission. Since 2018, the team has been providing services to other business units, including security monitoring, risk management, internal advisory, product security, vulnerability management and identity & access management. Our mandate includes the protection of people, devices, applications, infrastructure, data, software and our products. We work mainly with on-prem infrastructure and open source tools.

The security team is small yet mighty. We are a close-knit group of people who work hard to help Proton achieve its mission. We strongly believe that we cannot protect our users' privacy if we do not protect the company's security.

Tech Stack and Tools:

Proton currently offers the following products: Mail, Calendar, VPN, Pass, Drive, each of which is available on multiple platforms, including Windows, MacOS, iOS and Linux.  Our infrastructure is entirely composed of Linux machines.  Wherever we can, we make use of open-source technologies.

About the role:

You will be leading our efforts to ensure that Proton's applications are secure

What you will be doing:

Perform penetration tests on Proton products, both those released to the public and not Support bug bounty triage by reproducing submissions and assessing their potential impact Working with engineering teams to remediate identified bugs Identifying and implementing improvements in product security and secure coding Work with the wider Security and developer units to create security guidelines Demonstrate the value of an “assume breach” mentality Perform threat modeling and security reviews: review the design of services from a security perspective to identity vulnerabilities and weaknesses in the architecture and design

What we are looking for:

Proven experience in organizing and executing penetration tests/red team operations A proactive and creative application security engineer A proactive and creative mindset to come up with efficient and effective ways to continuously improve the security of our products Expertise in threat modeling  Experience with at least two of the following iOSAndroidWindowsMacOSLinux Strong skills in coding and code review for at least two of the following GoRustPython

Nice to have:

Experience or knowledge about open source tools for application security testing  Experience in automation A toolbox for application security testing Experience or knowledge of infrastructure penetration tests

Even if you don’t meet all the requirements listed above, but feel you could still be a great fit, please still apply.

Why should you join Proton?

Be part of a movement - Proton is not just a product or service but a community-driven movement united by a shared vision of online freedom. Our services are open source, audited, and supported by community contributions. We give back to our community by maintaining core encryption libraries and by supporting other organizations furthering the same goals as us. Proton is free, open source, neutral, independent, and community first, while remaining financially sustainable.Work with smart and dedicated people - Our team is diverse, collaborative, and tight-knit with people coming from all walks of life, including many of the world’s top academic institutions and organizations, such as MIT, Harvard, Stanford, Caltech, Cambridge, and ETH.Join a strong brand - Our encrypted email service - Proton Mail - has grown to be a staple of online security and privacy. Proton has been featured in multiple popular television and film productions, such as Mr. Robot, Knives Out, Sounds of Metal, and more.Grow with us - We’re one of Europe’s fastest-growing startups, doubling in size every year. Our growth gives you limitless career and educational opportunities as well as the opportunity to work side-by-side with many world-leading experts in their fields.Have your voice heard - We value your opinion and encourage you to speak up and share your ideas and thoughts. At Proton, no problem is someone else’s problem. We collectively strive to do the right thing and be the undisputed best in the world at everything we do.Benefits – these vary by location and type of contract but expect support on your vacation, parental leave, refreshment if working from the office, learning and development opportunities, equity for shared success, flexible working hours and remote work, company events and team building activities.

Proton does not accept unsolicited resumes from any sources other than directly from a candidate. Proton will not pay a fee for any placement resulting from the receipt of an unsolicited offer, even in a situation when the relevant candidate is employed by Proton.

Related Jobs

View all jobs

Senior Application Security Engineer

Senior Application Security Engineer

Senior Application Security Engineer

Senior Application Security Engineer

Senior Application Security Engineer

Senior Application Security Engineer

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

How to Present Cyber Security Solutions to Non-Technical Audiences: A Public Speaking Guide for Job Seekers

Cyber security is no longer just an IT issue—it’s a board-level priority. Whether you’re applying for a role in penetration testing, security operations, risk management, or compliance, your ability to clearly explain cyber threats and solutions to non-technical stakeholders is vital. This guide will help cyber security job seekers develop one of the most in-demand soft skills in the industry: public speaking. You’ll learn how to simplify complex concepts, structure effective presentations, use storytelling and analogies, and handle common stakeholder questions with confidence.

Cyber Security Jobs Employer Hotlist 2025: 50 UK Companies Actively Hiring Right Now

Bookmark this guide—refreshed every quarter—so you always know who’s really expanding their cyber security teams. Ransomware payouts broke records in 2024, the UK’s new Cyber Security Bill imposed mandatory breach disclosure, and the National Cyber Force’s move to Samlesbury has super‑charged the northern skills market. Result? Demand for security architects, SOC analysts, penetration testers, cloud‑security engineers, threat hunters & GRC specialists is at an all‑time high in 2025. Below you’ll find 50 organisations that have posted UK‑based cyber security vacancies or announced head‑count growth during the past eight weeks. They’re organised into five quick‑scan categories. For every employer you’ll see: Main UK hub Example live or recent vacancy Why it’s worth a look (tech stack, culture, mission) Search any company on CyberSecurityJobs.tech to view current ads, or set a free alert so fresh openings land straight in your inbox.

Return-to-Work Pathways: Relaunch Your Cyber Security Career with Returnships, Flexible & Hybrid Roles

Re-entering the workforce after a career break can feel especially challenging in a fast-moving field like cyber security. Whether you stepped away for parenting, caregiving or another life chapter, the UK’s cyber security sector now offers a range of return-to-work pathways—from structured returnships to flexible and hybrid roles. These programmes value the transferable skills and resilience you’ve developed during your break, pairing you with mentorship, upskilling opportunities and supportive networks to ease your transition back into cyber security. In this article, tailored for parents and carers, you’ll discover how to: Understand the growing demand for cyber security talent in the UK Translate your organisational, communication and problem-solving skills into cyber security roles Tackle common re-entry challenges with practical solutions Refresh your technical knowledge through targeted learning Access returnship and re-entry programmes specific to cyber security Find roles that accommodate family commitments—whether hybrid, flexible or full-time Balance your career relaunch with caring responsibilities Master applications, interviews and networking in cyber security Draw inspiration from real returner success stories Whether you aim to return as an analyst, penetration tester, security engineer or compliance specialist, this guide will equip you with the steps and resources to reignite your cyber security career.