Quick Summary
ABOUT YOU Xsolla seeks a security engineer to join a new security team during a critical build-out phase. You work across application security and infrastructure security - reviewing code,
Xsolla seeks a security engineer to join a new security team during a critical build-out phase. You work across application security and infrastructure security - reviewing code, hardening cloud environments, supporting incident response, and partnering with engineering teams to improve security posture across the company.
This is a generalist role well-suited to an early-team hire. You are comfortable working across domains rather than specializing in one, and you grow into deeper expertise as the team and program mature. You collaborate closely with the security program manager and work directly with engineering teams on secure design, findings, and remediation.
Our tech stack includes GCP, vSphere/ESX, Kubernetes and container workloads, MariaDB, CockroachDB, Go, PHP, and Python. You do not need expertise in all of these, but you are comfortable navigating a mixed environment and learning what you need.
As always true in job descriptions, there is an intangible value that is hard to capture. We look for a diverse set of perspectives and skills. Even if you don't match every requirement, we encourage you to apply if you think you can be highly successful in this role.
-
Perform Application Security Reviews - Conduct code reviews, run SAST/DAST and dependency scanning tools, and work with engineering to resolve findings.
-
Participate in Threat Modeling - Contribute to threat modeling sessions for new features and architecture changes, helping identify risks early in the design process.
-
Help Harden Cloud and Container Infrastructure - Work on GCP, Kubernetes, and IAM configurations to strengthen the security of our cloud and container environments.
-
Participate in Pen Test Remediation - Help triage penetration test findings and work with engineering teams to implement fixes, coordinating closely with the security program manager.
-
Partner with Engineering on Secure Design - Review architectures, advise on secure implementation patterns, and help teams make informed security decisions.
-
Identify and Track Security Findings - Document findings, assess severity, and track them through the remediation lifecycle to resolution.
-
Support Incident Response - Help investigate and document security events, contribute to root-cause analysis, and support containment efforts.
-
Write Async Security Guidance - Produce advisories, best-practice documentation, and practical guidance that helps engineering teams build securely across time zones.
-
Support Product Security - Work with partners on the security posture of customer-facing services, contributing to reviews and assessments as needed.
Cloud Environment Exposure - Has worked with GCP or a similar cloud provider and is comfortable with IAM, networking, and container concepts.
Code Literacy - Reads and reviews code in one or more of: Go, Python, PHP. Does not need to be a software engineer, but can follow logic and spot issues.
Security Tooling Familiarity - Has used or is familiar with SAST, DAST, or dependency scanning tools and understands how they fit into a development workflow.
Strong Written Communication - Writes clear, concise async documentation - findings, advisories, guidance - that works across time zones and audiences.
Collaborative Mindset - Partners effectively with engineering teams. Focuses on helping teams build securely rather than just identifying problems.
Self-Directed with Growth Mindset - Eager to learn, comfortable with ambiguity, and able to make progress with minimal direction in a new and evolving team.
-
Threat modeling experience;
-
Hands-on Kubernetes or container security experience;
-
Infrastructure security background - Linux, networking, vSphere/ESX;
-
Familiarity with NIST CSF, PCI, SOC 2, or ISO 27001 from a technical perspective;
-
Detection engineering or incident response experience;
-
Experience building security automation or internal tooling;
-
Relevant certifications (OSCP, GWAPT, CKS, or similar hands-on certs).
Xsolla operates across multiple time zones. Strong written communication is essential - you will need to document your work clearly so findings and context are not lost across handoffs. We value directness, intellectual honesty, and follow-through. If you do not know something, say so and find out. If you find something, explain it clearly and see it through to resolution.
Location & Eligibility
Listing Details
- Posted
- July 7, 2026
- First seen
- July 7, 2026
- Last seen
- July 7, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 67%
- Scored at
- July 7, 2026
Signal breakdown

Xsolla is a global video game commerce company that provides developers and publishers with tools and services for funding, marketing, launching, and monetizing games across multiple platforms.
View company profilePlease let Xsolla know you found this job on Jobera.
3 other jobs at Xsolla
View all →Explore open roles at Xsolla.
Similar Security Engineer jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.