Security Officer (Remote, Europe)

Responsibilities## Backlog & Strategy

Own and prioritise the Security Backlog, translating high-level threats and compliance needs into actionable engineering requirements for the development teams.

Security Champions Program Lead and evolve our existing Security Champions initiative, mentoring engineers to perform internal security reviews and ensuring security is a distributed responsibility rather than a bottleneck.

Architectural Risk Management Conduct formal Architectural Risk Assessments on critical components (e.g., Cloud RBAC, JWT, Inference) to ensure security is "baked-in" during the design phase of the SDLC.

Compliance & Audits Maintain our "always-audit-ready" status using Drata and HeyData. You will oversee annual SOC 2 audits, GDPR requirements, and drive our OWASP SAMM roadmap toward a maturity score of 1.0.

Multi-Cloud Security Governance Oversee security posture management across AWS, GCP, and Azure; leading technical compliance audits and implementing automated identity and access management (IAM) to ensure infrastructure resilience.

Vulnerability Management & Pentesting Manage the bi-annual penetration testing lifecycle, coordinate with external security researchers (Bug Bounty Program), and ensure timely remediation of findings in coordination with the development teams.

Sales & Growth Support Act as the subject matter expert for customers, completing detailed security questionnaires and ensuring our marketing vendor ecosystem remains compliant.

Requirements## Must-have

• Experience: 5 years in Security Engineering, DevSecOps, or as a Security Officer in a cloud-native SaaS environment.
• Cloud Proficiency: Technical knowledge of AWS, GCP, Azure (IAM, Multi-AZ architectures, Trusted Advisor, etc.).
• Regulatory & Policy Fluency: Practical experience maintaining SOC 2 Type II, HIPAA, and GDPR. You can architect a unified security policy framework that satisfies multiple compliance standards simultaneously, reducing operational overhead for the engineering team.
• Risk Assessment Skills: Ability to perform threat modeling and architectural risk classification on complex distributed systems.
• Communication: Strong stakeholder management skills; you can advocate for security resources during quarterly capacity planning and explain P0 risks to leadership.
• Self-Starter: The ability to move from "reading the exact policy" to "investigating the code" to provide an informed response to technical queries.

Nice-to-have

• Familiarity with the OWASP SAMM framework.
• Experience using automated compliance tools like Drata or Vanta.
• Background in Rust or high-performance database environments.
• Professional certifications such as CISSP, CISA, or CCSP (Certified Cloud Security Professional), or advanced security-focused certifications from major cloud providers (e.g., AWS Certified Security -- Specialty, Azure Security Engineer, or Google Professional Cloud Security Engineer).
• Experience navigating the AWS Foundational Technical Review (FTR).

Benefits##

• Competitive salary, equity, and benefits
• Fully remote setup with flexible working hours
• Clear ownership of reliability and operational excellence
• Opportunity to work on mission-critical customer-facing infrastructure
• Strong collaboration with platform and engineering teams

If you enjoy de-risking complex cloud architectures and scaling security through a culture of shared responsibility and technical rigor, we'd love to hear from you.

Location: Remote (Europe) Salary: Competitive, EUR