SDLC Security Engineer, Product Security

Recorded Future is seeking a highly experienced and technically proficient SDLC Architect to join our Product Security team. This critical role focuses on designing, defining requirements for, and leading the implementation of a world-class Software Development Lifecycle (SDLC) process with a paramount focus on security. Our objective is to embed security seamlessly and efficiently into every phase of development, from initial concept to deployment and beyond. The primary focus of this position is to work with our Secure SDLC. This involves a deep partnership with engineering, product management, and operations teams to ensure that security is a consistent and non-negotiable requirement throughout the product development pipeline.

Key responsibilities include designing, documenting, and championing an end-to-end Secure SDLC that aligns with industry best practices, regulatory requirements, and the specific needs of our product portfolio. The role involves identifying, evaluating, and integrating security tools and controls (e.g., SAST, DAST, SCA, IAST, secret scanning) directly into the CI/CD pipelines to automate security gates and checks. The goal is to build an SDLC that maximizes developer productivity while ensuring that all security requirements placed upon our products—including data protection, compliance, and threat mitigation—are consistently met and verifiable. Additionally, the role requires translating high-level security policies and risk management objectives into clear, actionable, and testable technical requirements for development teams. Developing and delivering training, guidelines, and documentation to empower developers to write secure code from the outset, adopting a "Security as Code" mindset, is also a key responsibility. This role requires close collaboration with all engineering disciplines and involves participation in the Platform Security team's daily operations, including incident response and threat modeling as needed. The position reports directly to the Director of Platform Security, who is based in our Gothenburg office.

The ideal candidate will have 3+ years of relevant professional experience and a proven background in software development, specifically in designing and implementing robust SDLC processes and CI/CD pipelines. Solid expertise in computer security principles and a strong ability to assess risks and make informed decisions are essential. A keen interest in finding and balancing security needs with developer productivity, along with excellent communication skills and the ability to effectively build relationships across different teams, are also required.