Resumen del rol

Senior Security Engineer (Europe, Remote)

Requisitos y responsabilidades

Contenido del rol extraído en secciones para revisar más rápido.

Product and application security

  • Application security: Lead application security across the product portfolio - threat modeling, secure design reviews, code-review support, and hands-on remediation work alongside developers.
  • Secure SDLC and tooling: Embed security into the SDLC and CI/CD without creating unnecessary delivery friction. Build, own and tune security tooling (SAST, DAST, dependency and container scanning, secrets detection) and implement policy-as-code and pre-merge gates in our Terraform and Terragrunt pipelines yourself.
  • Vulnerability management: Identify, validate, prioritize and remediate vulnerabilities in applications, APIs, infrastructure and third-party integrations, working hands-on with engineering and advising pragmatically on risk trade-offs.

Cloud infrastructure and detection

  • Cloud security: Own the security posture across AWS and Kubernetes - IAM and network design, encryption, logging baselines, configuration drift and cloud security posture management.
  • Detection and response: Build and tune cloud detections (CloudTrail, GuardDuty, Security Hub), write runbooks, and act as the technical security lead for product and cloud incidents, partnering with DevOps for investigation and containment. This role is the security escalation point for incidents; there is no primary tier-1 pager rotation.

Compliance and customer trust

  • Audit ownership: Own and drive our SOC 2 and ISO 27001 programs end to end - control design, evidence automation and primary auditor liaison - and maintain policies and control documentation in Confluence. The internal Security Engineer runs the day-to-day evidence pipeline and supports you.
  • Customer assurance: Support sales and customer trust by completing security questionnaires, explaining our technical controls, and handling follow-up from customer audits and assessments.

Architecture and leadership

  • Security review: Drive the security review of new features, architecture decisions, integrations and platform changes, especially where customer data, authentication, authorization or data-processing risks are involved.
  • Manage and mentor the Security Engineer: Manage, mentor and develop our internal Security Engineer, including 1:1s, performance reviews, leave approvals and day-to-day delegation. Corporate IT, identity and endpoint security are owned by them, not by you, so you can focus on product and cloud security.

Ideal Profile

  • Hands-on builder, not an advisor: You implement security yourself - controls, fixes, tooling and detections - rather than handing work to others and waiting for it to happen. This is a doing role.
  • Product and cloud security depth: Strong hands-on background in application security and secure software development in cloud-native environments (AWS, Kubernetes, CI/CD, containers, infrastructure-as-code).
  • Comfortable in code: Comfortable reading code, reviewing APIs and architecture, and working directly with developers on remediation.
  • Compliance driver: Proven ability to drive SOC 2 and ISO 27001 workstreams, from control design to auditor interaction, not only evidence collection.
  • People leadership: Able to manage and develop one engineer, including delegation, 1:1s and performance.
  • Pragmatic communicator: Balances hands-on technical work with the process discipline of enterprise B2B SaaS, and explains risk clearly to engineers, leadership, auditors and occasionally customers.
  • AI-forward: Comfortable using AI and LLM tools day to day and genuinely open to adopting them further. Deep AI-security expertise is not required, but a fundamental willingness to engage with AI is expected; an unwillingness to work with AI is not a fit.
  • Atlassian native: Works day to day in the Atlassian stack (Jira, Confluence) as our primary documentation and workflow systems.

Nice to haves

  • Experience securing AI/LLM or agent-based features (prompt injection, tool and agent permissions, model-access controls).
  • Hands-on familiarity with the security and observability platforms we use, such as Snyk, Rapid7 and Grafana Cloud, and with Microsoft Sentinel for cross-team investigations.
  • Experience in cyber threat intelligence, attack surface management, threat hunting or other security-product environments.
  • Prior experience in a PE-backed or scale-up software company where security, compliance and delivery speed all matter.
  • Prior experience working as a software engineer or in a DevOps role.
  • Certifications such as CISSP, CSSLP, OSCP, AWS Security Specialty, CKS, ISO 27001 Lead Implementer or similar, helpful but not required.

Benefits

  • Competitive compensation
  • Remote-friendly culture
  • Wellness programs
  • Employee recognition program
  • A variety of professional development opportunities
  • Inclusive culture focused on people, customers and innovation
Roles similares

Mantén una lista de respaldo.

Ver stack
FocoSecurity EngineeringÁrea del rol
Señal de senioritySeniorNivel del candidato
StackAWS, CI/CD, KubernetesSkills principales
Ubicación1 país aceptadoElegibilidad

Stack

Usa estas tags para comparar roles remotos similares.

Elegibilidad de ubicación

Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.

Tu perfilPaís no definidoInicia sesión para comparar tu país con este rol.

Flujo de contratación

WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.

1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.
Aplicar en el sitio de la empresaSitio de la empresaAbrir link