Senior Information Security Engineer

We are seeking an experienced Information Security Engineer to strengthen the security posture of our infrastructure and products while leading our vulnerability management program. This role involves handling both internal and external vulnerability management efforts, conducting internal scans and tests, and collaborating with engineering teams to implement effective solutions. The ideal candidate will have a deep understanding of information security risks, threats, mitigation strategies, testing tools, and protective measure.

A little bit about us 

Microblink is an AI company with expertise in computer vision. We create unique products and tools with the desire to make the future digital identity world a secure ‘no-fake-zone’, one verification at a time. Our teams in Zagreb, Sofia and New York touch hundreds of millions of people every year, processing over 800M identity documents in more than 70 countries around the world.

Here’s what you’ll do:

• Lead the vulnerability management program by working closely with the Product & Engineering teams to limit the vulnerability attack surface
• Define vulnerability management policies, guidelines, and procedures, and streamline related internal and external reporting
• Monitor IT infrastructure and analyze the state of our products to identify security vulnerabilities and take appropriate corrective actions (periodic vulnerability scans, analysis of found vulnerabilities, handling bug bounty reports, assisting DevOps and Dev teams in impact analysis)
• Oversee the security part of our Secure Software Development Lifecycle
• Analyze and evaluate potential threats, design and implement overall security solutions and mitigation strategies (security-enhancing tools and infrastructure)

You'll be successful in this role if you have:

• Strong experience in InfoSec, DevOps, or Developer roles
• Deep understanding of security best practices related to application development and/or cloud infrastructure
• Knowledge of OWASP Top 10 and ASVS, SANS 25, MITRE ATT&CK
• Experience with vulnerability scanning (OpenVAS, ZAP, Nmap, Nessus) and penetration testing tools (Burp Suite)
• Experience in coding and knowledge of CI/CD
• Knowledge of encryption algorithms, authentication, and authorization mechanisms

An additional plus is if you have:

• Experience with ISO 27001 and/or SOC 2 requirements
• Experience with public cloud infrastructure providers such as GCP/AWS
• Knowledge of the current threat landscape
• Experience with Risk Management
• Experience with Incident Management
• Experience with sharing knowledge and raising awareness

Here’s what you’ll gain if you join us

• Microblink owes its success to its people. That is why we offer equity participation to all of our full-time employees so that we can grow together
• Unlimited PTO, giving you the flexibility to take time off as needed to maintain a healthy work-life balance.
• Customizable "Pick & Choose" benefits, designed to suit a range of personal preferences.
• Flexible work arrangements, allowing you to adjust your schedule—whether working from home or our Zagreb office.
• A dedicated tech budget to invest in the equipment you prefer, ideal for those passionate about technology.
• Financial support during your parental leave, days off for important events (your kid’s 1st bday, 1st days at school/kindergarten)
• Up to 30 days of fully paid sick leave per year
• Opportunities to learn and develop your skills through internal L&D programs, and a supportive working environment

At Microblink, we nurture a culture that recognizes and rewards success, and is not afraid to try, fail and learn from mistakes. Find out what it feels like to work at Microblink. If this role intrigues you, do not hesitate to hit the apply button and send us your resume. So don’t let that discourage you - get in touch with us and we promise to get back to you.