Listing Description

Grammarly team members in this role must be based in Poland, Germany, or Portugal.

The opportunity

Grammarly empowers people to thrive and connect, whenever and wherever they communicate. More than 30 million people and 30,000 teams around the world use our AI-powered writing assistant every day. All of this begins with our team collaborating in a values-driven and learning-oriented environment. 

To achieve our ambitious goals, we’re looking for engineers to join our AppSec team. In this role, you will have a substantial impact on the security of Grammarly product family and cloud infrastructure behind it. We are looking for engineers eager to find bugs and vulnerabilities in the code and to conduct black-box and white-box testing of different products and features.

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. Read more about our stack or hear from our team on our technical blog.

Your impact

In this role, you will:

• Serve as the subject matter expert for application security, providing guidance to Engineering and Product teams.


• Develop secure system design and secure coding recommendations. 


• Design and implement SDLC practices including code reviews, static/dynamic code analysis, and vulnerability assessments.


• Actively participate in the “security champions” initiative and provide security training to engineering teams. 


• Perform security testing on our internal and external applications—including performing security code reviews, vulnerability assessments,  and exploit development, as well as documenting the outcomes of the research.


• Manage Grammarly bug bounty and drive different program initiatives and promotions.


• Integrate SAST/DAST in CI/CD and operational pipelines.


• Create and manage tools (e.g., web security scanners) to help test and monitor product security.

We’re looking for someone who

• Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.


• Is able to collaborate in person in Krakow 2–4 weeks per quarter, traveling if necessary.


• Has a minimum of two years in application security or related field.


• Has knowledge of programming languages (JS, Java, Python, Go). 


• Is familiar with software development methodologies, processes, and tools. 


• Is familiar with modern DevOps practices and tools.


• Has working experience with application security tools like BurpSuite, OWASP ZAP, Metasploit, etc.
  An ideal candidate would be someone who


• Has participated in bug bounty programs and security research.


• Has practical experience with device management, access provision, and access management.


• Has prior experience in continuous security cycle implementation for web applications.


• Has knowledge of networking principles or macOS/Linux/Windows platforms.


• Has experience with malware analysis; reverse engineering is also a plus.


• Has experience with AWS (or other cloud platforms).

We encourage you to apply

At Grammarly, we value our differences, and we encourage all to apply. Grammarly is an equal opportunity company. We do not discriminate on the basis of race or ethnic origin, religion or belief, gender, disability, sexual identity, or age.

For more details about the personal data Grammarly collects during the recruitment process, for what purposes, and how you can address your rights, please see the Grammarly Data Privacy Notice for Candidates here.