Security Engineer

Own and continuously improve our vulnerability management program, ensuring full coverage and accurate exposure visibility across all assets

Build and maintain automation around security tooling to ensure data quality, consistency, and actionable insights

Perform security assessments across the SDLC: design reviews, threat modeling, code reviews, and dynamic testing, working closely with engineering teams

Integrate and enforce security controls within CI/CD pipelines (SAST, DAST, secrets detection, dependency scanning), with a strong focus on developer experience

Conduct internal offensive security activities (penetration testing, red teaming, exploitation) to validate real-world risk and identify control gaps

Translate vulnerabilities into real business risk by validating exploitability and prioritizing remediation based on impact

Contribute to incident response and security investigations, including root cause analysis and improvement of detection and response capabilities

Actively participate in improving our security posture by challenging assumptions, refining detection logic, and improving how we measure exposure

Collaborate with infrastructure and platform teams (AWS, Kubernetes, IAM) to ensure secure-by-design architectures

Contribute to threat intelligence efforts by identifying relevant threats and mapping them to our internal stack and exposure

Support the evolution of our security practices, tooling, and processes as we continue to scale our business and security capabilities 

You have hands-on experience in cybersecurity engineering, application security, or infrastructure security

Strong understanding of modern cloud environments (preferably AWS), including networking, IAM, and containerized workloads

Experience with vulnerability management and security tooling, with a good understanding of asset exposure and data accuracy

Familiar with integrating security controls into CI/CD pipelines (SAST, DAST, secrets detection, dependency scanning)

Comfortable performing technical security assessments (web, APIs, infrastructure), including validation and exploitation of vulnerabilities

Solid understanding of core security concepts and protocols (DNS, TLS, authentication, CVEs, etc.)

Able to think in terms of risk and prioritize based on real-world impact rather than theoretical vulnerabilities

Experience working in regulated environments such as financial services is a strong plus

Strong collaboration and communication skills, able to work closely with developers and infrastructure teams

Pragmatic mindset, able to balance security requirements with engineering constraints

Curious and proactive, not afraid to challenge existing setups and improve them

Certifications (e.g. OSCP, OSWE or similar) are a plus but not required