Remotery

Senior Security Engineer

Posted 1 hour ago

This is a fully remote position, open to applicants in Europe.

📋 Description

• Take ownership of enhancing the security of our platform, products, and engineering delivery processes, with a strong emphasis on application security, secure SDLC, cloud security, and compliance for customer-facing services.

• Directly implement controls, fixes, tooling, and detections - we seek a proactive builder who engages in the work rather than an advisor who delegates tasks and waits for completion.

• Collaborate closely with Engineering, DevOps, Product, and QA teams, while managing one internal Security Engineer responsible for corporate, identity, and endpoint security, who will assist you with daily compliance tasks.

• Lead application security initiatives across the product range, including threat modeling, secure design reviews, code review assistance, and hands-on remediation alongside developers.

• Integrate security into the SDLC and CI/CD processes without introducing unnecessary delivery delays. Build, manage, and optimize security tools (SAST, DAST, dependency and container scanning, secrets detection) and implement policy-as-code and pre-merge gates within our Terraform and Terragrunt pipelines yourself.

• Identify, validate, prioritize, and remediate vulnerabilities across applications, APIs, infrastructure, and third-party integrations, collaborating closely with engineering teams and offering pragmatic advice on risk management.

• Maintain security standards across AWS and Kubernetes, focusing on IAM and network design, encryption, logging baselines, configuration drift, and overall cloud security posture management.

• Develop and refine cloud detections (CloudTrail, GuardDuty, Security Hub), create runbooks, and serve as the technical security lead for product and cloud incidents, working with DevOps on investigation and containment efforts.

• Oversee the security assessment of new features, architectural decisions, integrations, and platform modifications, particularly where customer data, authentication, authorization, or data-processing risks are pertinent.

• Manage, mentor, and develop our internal Security Engineer, conducting 1:1s, performance evaluations, leave authorizations, and daily task delegation. Corporate IT, identity, and endpoint security are their responsibilities, allowing you to concentrate on product and cloud security.

• Lead and advance our SOC 2 and ISO 27001 initiatives from start to finish - including control design, evidence automation, and primary auditor liaison - while maintaining policies and control documentation in Confluence.


⛳️ Requirements

• Hands-on builder, not an advisor: You execute security measures yourself - controls, fixes, tooling, and detections - instead of delegating tasks to others and waiting for results. This role is action-oriented.

• Depth in product and cloud security: Strong practical experience in application security and secure software development within cloud-native environments (AWS, Kubernetes, CI/CD, containers, infrastructure-as-code).

• Comfortable with code: Proficient in reading code, reviewing APIs and architecture, and collaborating directly with developers on remediation efforts.

• Compliance-focused: Demonstrated capability to lead SOC 2 and ISO 27001 processes, from control design to auditor engagement, not just evidence collection.

• People leadership: Capable of managing and developing one engineer, including task delegation, 1:1s, and performance management.

• Pragmatic communicator: Balances hands-on technical work with the procedural discipline of enterprise B2B SaaS, clearly articulating risk to engineers, leadership, auditors, and occasionally customers.

• AI-savvy: Comfortable utilizing AI and LLM tools daily, with an openness to further adoption. While deep AI-security expertise is not mandatory, a fundamental willingness to engage with AI is expected; resistance to working with AI is not suitable.

• Atlassian proficient: Operates daily within the Atlassian ecosystem (Jira, Confluence) as our primary documentation and workflow systems.

• Nice to Have: Experience securing AI/LLM or agent-based features (prompt injection, tool and agent permissions, model-access controls). Familiarity with the security and observability platforms we utilize, such as Snyk, Rapid7, and Grafana Cloud, along with Microsoft Sentinel for cross-team investigations. Background in cyber threat intelligence, attack surface management, threat hunting, or other security-product environments. Previous experience in a PE-backed or scaling software company where security, compliance, and delivery speed are all critical. Experience as a software engineer or in a DevOps capacity. Certifications like CISSP, CSSLP, OSCP, AWS Security Specialty, CKS, ISO 27001 Lead Implementer, or similar are beneficial but not required.


🏝️ Benefits

• Competitive compensation

• Remote-friendly culture

• Wellness programs

• Employee recognition program

• A variety of professional development opportunities

• Inclusive culture focused on people, customers, and innovation

People also viewed

Datavant1 hour ago

Manager, Enterprise Security Architecture

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer$188k – $230k/year
ApplyView job
Action11 hour ago

Product Security Engineer

CY flagCyprus OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
ClanX1 hour ago

Senior Security Engineer

IN flagIndia OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
Amentum1 hour ago

Aviation Infrastructure and Security Subject Matter Expert

US flagUnited States OnlyPart-timeCybersecurity / Security Engineer
ApplyView job
VivSoft1 hour ago

Cybersecurity Engineer

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
CDW1 hour ago

Intune SME – Security Clearance (SC) Mandatory

GB flagUnited Kingdom OnlyFull-timeCybersecurity / Security Engineer
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers