About Flexport:

At Flexport, we believe global trade can move the human race forward. That’s why it’s our mission to make global commerce so easy there will be more of it. We’re shaping the future of a $10T industry with solutions powered by innovative technology and exceptional people. Today, companies of all sizes - from emerging brands to Fortune 500s - use Flexport technology to move more than $19B of merchandise across 112 countries a year.

The recent global supply chain crisis has put Flexport center stage as we continue to play a pivotal role in how goods move around the world. We are proud to have the support of the best investors in the game who believe in our mission, solutions and people. Ready to tackle global challenges that impact business, society, and the environment? Come join us.

Product Security Engineer II

Flexport is looking for Product Security Engineers to help Flexport establish itself as the most trusted company in the global trade ecosystem. As a Product Security Engineer, you’ll develop a deep understanding of product development and strategy, and will be able to quickly identify and communicate security risks to diverse audiences while offering alternative solutions.

All security disciplines work under the umbrella of the combined PSI (Platform, Security & Infrastructure) team: we build the paved path and tooling that hundreds of engineers around the world rely on every day to ship. Security gains massive leverage by working hand in hand with Platform and Infrastructure, with every element of the team reinforcing each of the others.

This is not a role where you wait for tickets. You’ll build the tools that our product teams reach for when they want a secure-by-default solution. You’ll discover what tools to build by working with our product teams at every stage of the software development lifecycle. And you’ll proactively analyze what they produce to find the flaws before the bad guys do.

What You'll Do

Strategy & foundations

• Build guardrails and AI-accelerated patterns that make secure-by-default the path of least resistance for developers.
• Build and maintain security tooling and automation that scales product security.
• Respond to emerging threats.

Design-time & review

• Contribute to threat modeling, design reviews, and code reviews with pragmatic guidance that balances risk against velocity.
• Partner with engineering to security-review and test new features and services as they're built.

Vulnerability management

• Triage, reproduce, and validate incoming bug bounty submissions and internal security reports.
• Cut through SAST, secrets, and vulnerability scanner noise to prioritize real issues and guide developers to effective fixes.
• Partner with development teams to drive remediation and track issues through closure.

Developer enablement

• Write clear, actionable security patterns that let developers ship fast and stay secure.
• Write and maintain runbooks, developer guidelines, and security documentation that scale the team's practices.
• Stay current on web and cloud security trends and bring new findings into product discussions.

You Should Have

• 2–5 years of experience in product/application security or software development with a security focus.
• Strong grasp of web application security principles and common attack vectors (e.g., OWASP Top 10).
• Proficiency with application testing tools such as Burp Suite, OWASP ZAP, or browser developer tools.
• Working knowledge of at least one modern programming language (e.g., Ruby, Java/Kotlin, TypeScript/JavaScript, Python).
• Working knowledge of at least one major cloud provider (AWS, GCP, Azure).
• Hands-on experience with SAST tools (Cycode, Semgrep, Snyk, or similar).
• Experience improving developer experience (DevEx) security without slowing teams down.
• Clear, constructive communicator on technical risk - in writing, in code review, and in conversation.
• Collaborative by default: you partner with developers, SREs, and security peers rather than handing down mandates.
• Comfortable with security on-call rotation and picking up work across security disciplines when needed.

Nice to Have

• Hands-on experience with bug bounty platforms.
• Experience with cloud infrastructure security (AWS, GCP, Azure) and container technologies.
• Participation in CTF events or open-source security projects.
• Familiarity with threat modeling frameworks and secure SDLC best practices.
• Interest in contributing to internal developer security training programs.

How We Work

• In Amsterdam we come to the office 3 times a week to hang out, whiteboard, and ship together.
• We stay closely aligned with our coworkers on other continents.
• We have the latest hardware and software, including frontier AI models on day one.
• We're agile, but not dogmatic. Teams decide how they work best.

Why This Role Is Special

• Massive leverage: every improvement you ship is multiplied across hundreds of engineers and thousands of deploys a day.
• Full ownership: from developer research to production rollout to measuring impact, it's yours.
• You shape the paved path: the conventions you set and decisions you make become how Flexport engineering builds for years to come.

What's in it for you

• An opportunity to contribute to one of the fastest-growing companies, where you’ll have the chance to create a global impact while being a part of a thriving multinational environment.
• Daily catered lunches incl. vegetarian options, breakfast, snacks and soft drinks available in our office on daily basis.
• Commute expenses: Flexport will cover home-office commuting costs for employees living outside of Amsterdam.
• 25 working days as vacation days based on full time employment.
• Health insurance: Flexport offers a collective health insurance plan including a basic package and any available additional packages. Your monthly premium is fully paid by Flexport.
• A defined pension contribution scheme.
• Equity program: every team member becomes a shareholder, aligning our success with yours. As a private company in a multi-trillion dollar industry, you have a direct stake in our collective growth and success.
• Employee Assistance Program through Aetna Resources for Living: Flexport provides an employer-sponsored program at no cost to you and your household members.
• Parental leave benefit: Flexport is here to support you and your families in one of the most important times in life – the birth of a child! Our parental leave program allows both mothers and partners to take time off from work for pregnancy, childbirth, and to bond with your new child.

#LI-hybrid