Redis
Senior Product Security Engineer - InfoSec - Bulgaria
About This Role
Responsibilities
- Own and operate vulnerability management processes across Redis products, from discovery through remediation and reporting
- Implement, evaluate, and manage AI-based security scanning tools to improve coverage and signal quality
- Conduct product security assessments using both traditional and AI-assisted techniques (e.g., SAST, DAST, code analysis, LLM-assisted review)
- Partner directly with engineering teams to triage findings, drive remediation, and improve secure development practices
- Integrate security tools and workflows into CI/CD pipelines to enable continuous, automated security testing
- Manage and triage findings from bug bounty platforms (e.g., HackerOne), ensuring timely validation and response
- Build automation to reduce manual effort in vulnerability tracking, reporting, and remediation workflows
- Use Jira to track, prioritize, and communicate security issues across teams
- Contribute to improving internal security standards, processes, and tooling
Requirements
- 6+ years of experience in application security, product security, or a related field
- Strong experience operating vulnerability management programs, including triage, prioritization, and reporting
- Hands-on experience using Jira (or similar tools) to manage and track security issues at scale
- Experience working with bug bounty platforms such as HackerOne or Bugcrowd
- Practical experience with security tools (e.g., SAST, DAST, dependency scanning) and understanding their trade-offs
- Experience building or using automation (scripting, APIs, pipelines, or integrations) to improve security workflows
- Strong understanding of common application vulnerabilities (OWASP Top 10, secure coding practices)
- Ability to work cross-functionally and communicate clearly with engineering teams
- Experience with AI/ML-driven security tools or workflows (e.g., LLM-assisted code review, AI-based scanning)
- Familiarity with cloud-native environments (Kubernetes, containers, microservices architectures)
- Experience integrating security into modern CI/CD pipelines
About Redis
Redis is a private software company based in Mountain View, California, founded in 2011. Originally known as Garantia Data and later Redis Labs, the company is the official sponsor and commercial provider of the open-source Redis database. This in-memory NoSQL data structure store is recognized for its speed and versatility, making it a popular choice for real-time applications across various industries. The company offers several key products, including the open-source Redis database, Redis Enterprise, and Redis Modules. Redis Enterprise provides enhanced features such as high availability and scalability, available both on-premises and as a cloud service. Redis Modules extend the database's functionality for specialized use cases like graph databases and time-series data. Additionally, Redis offers managed cloud services to help customers deploy and manage their databases efficiently. With over 7,900 paying customers, Redis serves a diverse range of industries, including technology, finance, retail, and telecommunications. The company has played a significant role in the evolution of the Redis project and continues to advance its technology as a core infrastructure for real-time data processing.
Security at Redis
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Redis's AppSec philosophy involves multiple forms of security testing, including "penetration tests, red team tests, code reviews, and vulnerability scanning." They maintain a "vulnerability disclosure program on HackerOne" and advise customers to "Only allow trusted identities to run Lua scripts or any other potentially risky commands." The company emphasizes partnership and cross-team collaboration, with job postings stating, "Partner with security leadership to define and maintain team priorities" and responsibilities to "strengthen collaboration between Security, R&D, and CloudOps." Their risk philosophy includes "Cloud Security Monitoring and Response" and a focus on audits and appropriate safeguards.
- Stated goals and pain points from job postings include "Vulnerability & Bug Bounty Management: Support vulnerability triage, remediation tracking, and coordination" and the need to "Develop and maintain dashboards or reports that track program health, remediation SLAs, and security maturity."
Security Team
Riaz Lakhani is identified as Redis's CISO, and other company leadership such as Rowan Trollope are publicly listed. Public job postings, such as one for an Information Security Program Manager, describe roles that partner with Product Security and CloudOps, suggesting a cross-functional security organization. However, information on the explicit AppSec team organizational chart, team size, or whether the model is embedded versus centralized is not publicly available. A LinkedIn search for "site:linkedin.com "Redis" "application security" OR "AppSec"" did not yield authoritative headcount or a discrete AppSec team listing. As of, at least one security-focused job posting was found (Information Security Program Manager), but discrete AppSec-engineer postings were not found within the prioritized date range. Common skills in postings emphasize "Experience with bug bounty or responsible disclosure programs," vulnerability triage, remediation tracking, and cross-team program management.
Key Initiatives
Redis's AppSec initiatives include publicly listed security testing types such as "penetration tests, red team tests, code reviews, and vulnerability scanning." They operate a "vulnerability disclosure program on HackerOne." Security advisories, like "Security Advisory: CVE-2025-49844," are published on the Redis blog and authored by the CISO. Job postings indicate direct responsibility for "vulnerability triage, remediation tracking, and coordination of bug bounty and disclosure reports." However, information on a Security Champions Program, specific "Shift Left" practices (IDE/pre-commit/CI specifics), or Secure SDLC artifacts (threat modeling, mandatory reviews) is not publicly available. The vulnerability management process has partial evidence, documenting testing types and a HackerOne process, but explicit SLAs, MTTR targets, or ticketing workflow details are not publicly available. Recent initiatives within the last 6 months include security advisories and legal/trust documentation, but specific new AppSec tool rollouts, program launches, or policy changes were not found.