Bloomreach is building the world’s premier agentic platform for personalization.We’re revolutionizing how businesses connect with their customers, building and deploying AI agents to personalize the entire customer journey. We're taking autonomous search mainstream, making product discovery more intuitive and conversational for customers, and more profitable for businesses. We’re making conversational shopping a reality, connecting every shopper with tailored guidance and product expertise — available on demand, at every touchpoint in their journey. We're designing the future of autonomous marketing, taking the work out of workflows, and reclaiming the creative, strategic, and customer-first work marketers were always meant to do. And we're building all of that on the intelligence of a single AI engine — Loomi AI — so that personalization isn't only autonomous…it's also consistent.From retail to financial services, hospitality to gaming, businesses use Bloomreach to drive higher growth and lasting loyalty. We power personalization for more than 1,400 global brands, including American Eagle, Sonepar, and Pandora.

Your Job will be (but not limited to)

Champion and operationalize Secure Software Development Lifecycle (SSDLC) practices across engineering teams, ensuring security is embedded throughout the product development process. Conduct in-depth security reviews of application designs, system architectures, and infrastructure components to identify risks and ensure alignment with security best practices and organizational objectives. Lead the development and execution of threat modeling exercises for new and existing products. Conduct risk assessments to identify security vulnerabilities and propose pragmatic, risk-aligned mitigations. Provide expert-level security guidance to product and engineering teams, including the creation of actionable threat models and recommendations for effective, scalable countermeasures. Influence the evolution of enterprise-wide security policies, standards, and development guidelines with a focus on enhancing secure-by-design principles and regulatory compliance. Evaluate, pilot, and drive the adoption of emerging security technologies and tooling to enhance the organization's product security capabilities and developer experience. Plan and perform comprehensive security assessments, penetration tests, and threat simulations across a variety of platforms and environments.  Leverage existing processes to triage and assign vulnerabilities identified by security tools to the appropriate stakeholders for timely remediation. Serve as a key partner to engineering, DevOps, compliance, and other cross-functional teams to embed security into the product lifecycle and foster a strong security culture. Act as the designated security lead for a specific product domain, serving as the primary liaison and advisor for all security-related concerns and initiatives within that area.

Professional Experience and Skills Requirements

 

5+ years of hands-on experience as a Security Professional with a strong focus on application security Proven experience performing security assessments and penetration testing of web applications Practical experience conducting threat modeling using the STRIDE methodology Strong understanding of vulnerability management best practices with the ability to implement them at scale Exposure to AI and LLM technologies with a foundational understanding of relevant security controls In-depth knowledge of modern application architectures and associated security considerations Proficiency with cloud platforms—AWS and GCP experience is required Familiarity with OWASP standards including the OWASP Top 10, Testing Guide, and SAMM framework Hands-on experience with tools such as Burp Suite, SonarQube, OWASP ZAP, Nmap, and other security testing tools Ability to analyze, assess, and appropriately prioritize vulnerabilities based on risk Strong communication skills with the ability to convey technical concepts to both technical and non-technical audiences Self-motivated and proactive mindset with a focus on process improvement and efficiency Team-oriented attitude with a willingness to support and collaborate across functions A continuous learning mindset with a strong drive to stay current in security trends and emerging technologies Excellent command of the English language, demonstrating strong listening, speaking, and reading skills

Your success story will be:

In the first 30 days you will

Develop a deep understanding of Bloomreach’s product portfolio, architecture, and core services Familiarize with internal SOPs, security policies, and team workflows Gain operational knowledge of in-scope security solutions, tools, and platforms used by the Product Security team Establish working relationships with cross-functional teams including Engineering, DevOps, and Compliance

 

In the next 30 days you will (60 days from start)

Actively contribute to ongoing penetration tests and security assessments of web applications and product components Participate in threat modeling sessions using methodologies like STRIDE to identify potential design risks Review vulnerability data and security findings from various sources (e.g., scanning tools, manual testing) Analyze and validate findings, assess risk impact, and begin drafting remediation guidance collaboratively with stakeholders Continue developing subject matter expertise in Bloomreach’s security landscape, including AI/LLM-related risks

 

In the next 30 days you will (90 days from start)

Take ownership of security assessments for new product features and enhancements Lead threat modeling sessions and provide actionable recommendations early in the development lifecycle Drive and facilitate technical discussions related to secure architecture and application-level protections Serve as a point of contact for Product Security, engaging with engineering teams and leadership to advise on secure development practices Proactively identify process improvements and contribute to the ongoing evolution of the product security program

More things you'll like about Bloomreach: Culture: A great deal of freedom and trust. At Bloomreach we don’t clock in and out, and we have neither corporate rules nor long approval processes. This freedom goes hand in hand with responsibility. We are interested in results from day one.  We have defined our 5 values and the 10 underlying key behaviors that we strongly believe in. We can only succeed if everyone lives these behaviors day to day. We've embedded them in our processes like recruitment, onboarding, feedback, personal development, performance review and internal communication.  We believe in flexible working hours to accommodate your working style. We work virtual-first with several Bloomreach Hubs available across three continents. We organize company events to experience the global spirit of the company and get excited about what's ahead. We encourage and support our employees to engage in volunteering activities - every Bloomreacher can take 5 paid days off to volunteer*. The Bloomreach Glassdoor page elaborates on our stellar 4.4/5 rating. The Bloomreach Comparably page Culture score is even higher at 4.9/5 Personal Development: We have a People Development Program -- participating in personal development workshops on various topics run by experts from inside the company. We are continuously developing & updating competency maps for select functions. Our resident communication coach Ivo Večeřa is available to help navigate work-related communications & decision-making challenges.* Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins. Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.)* Well-being: The Employee Assistance Program -- with counselors -- is available for non-work-related challenges.* Subscription to Calm - sleep and meditation app.* We organize ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones. We facilitate sports, yoga, and meditation opportunities for each other. Extended parental leave up to 26 calendar weeks for Primary Caregivers.* Compensation: Restricted Stock Units or Stock Options are granted depending on a team member’s role, seniority, and location.* Everyone gets to participate in the company's success through the company performance bonus.* We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts. We reward & celebrate work anniversaries -- Bloomversaries!*

(*Subject to employment type. Interns are exempt from marked benefits, usually for the first 6 months.)

Excited? Join us and transform the future of commerce experiences!

If this position doesn't suit you, but you know someone who might be a great fit, share it - we will be very grateful!

Any unsolicited resumes/candidate profiles submitted through our website or to personal email accounts of employees of Bloomreach are considered property of Bloomreach and are not subject to payment of agency fees.

#LI-Remote