Senior Security Engineer

Join Apify on our mission to help anyone get more value from the web, so they can automate tasks and spend time on the things that matter most.

Apify downloads billions of web pages from all over the world for AI, market research, and finding lost children. We give chatbots the context to interact intelligently, and we’re making agents an integral part of the Apify platform.

We’re looking for a Senior Security Engineer to build Apify's security function from the ground up. You'll have the rare opportunity to shape how we protect the Apify platform, with 55,000 monthly active users and 25,000 customers. You’ll establish a dedicated security function across the company as the first member of the new security team. It's a lot of responsibility, and a lot of opportunity.

You'll focus primarily on product security - making sure our features, infrastructure, and development practices keep users safe. But you'll also help shape IT security standards across the company. We have solid foundations (SOC 2, established policies), but we need someone to take ownership, identify gaps, and drive continuous improvement.

What you’ll be working on:

• Application security: Secure the SDLC through architecture reviews, vulnerability management (code scanning), and coordinating pentests and bug bounty programs

• Infrastructure & access: Harden AWS environment (IAM, network, logging) and manage secrets and access to sensitive systems

• Detection & response: Monitor for threats, respond to security incidents, and continuously improve detection capabilities

• Automation & collaboration: Build security automation and work with engineering teams to remediate vulnerabilities within SLAs

• Company security and standards: Participate in setting up a secure company IT infrastructure.

Who we’re looking for:

• Experience: 5+ years mainly in security engineering, Application Security (AppSec), or a closely related field. Previously worked in a security team within a larger company (250+ employees).

• Cloud: Hands-on experience securing cloud environments (e.g. IAM, CloudTrail, GuardDuty).

• Web security knowledge: Solid understanding of common web application vulnerabilities (OWASP Top 10).

• Tooling: Experience with vulnerability scanning, SAST/DAST tools, and utilizing GitHub's security features.

• Technical aptitude: Ability to read and review code (proficiency in Node.js/TypeScript is a plus).

• Communication: Strong ability to communicate technical security risks and work effectively with engineering, product, and leadership.

• Self-starter mentality: You’ll be instrumental in building this function, not just maintaining an established one.

Why should you work at Apify?

• Space, support, and autonomy for personal growth, with a direct impact on our success

• Full-time position in Prague at our amazing office located in Lucerna Palace 🏰

• Option to work remotely 🛋️

• Flexible working hours 🕰️

• Nobody counts holidays as long as the work gets done 💪

• Stock options and profit sharing 💰

• Free Multisport card 🏋️‍♀️

• We welcome pets, kids, and bikes at the office 🐶

• Epic team buildings and offsites 🚢 with biking, canoeing, and other adventures 🪂

• Solid education and training budget, conference tickets, internal “Eat & Learn” sessions, and the possibility to work across teams

• Generous hardware budget 💻

• Free lunches every day when working from the office 🌮🥡

• Unlimited supply of ☕ & 🍺 and snacks

• Free entry to the wonderful Prague Zoo 🐘

• Ping-pong, chess, PS5, lightsabers, foosball league after lunch 🏓

For more details about Apify and what it is like to work with us, see our Careers page.