Security Engineer

About the Project

‍

We are looking for a Security Engineer to support security operations and application security for a cloud-based SaaS platform. The role focuses on practical security improvements across cloud configuration, identity, vulnerability management, secure SDLC, incident response, and compliance evidence.

The environment includes AWS or Azure cloud services, CI/CD pipelines, containerised applications, SAST/DAST tooling, dependency scanning, SIEM/logging tools, IAM, and collaboration with engineering teams. The role requires strong spoken English for security discussions, risk explanation, and communication with international stakeholders.

‍

What You Will Do

‍

• Support cloud and application security reviews for SaaS environments and engineering workflows.
• Run vulnerability management processes across applications, containers, dependencies, and cloud resources.
• Work with developers on secure coding practices, threat modelling, and remediation planning.
• Review IAM, secrets management, access controls, logging, and cloud security configurations.
• Integrate or maintain SAST, DAST, dependency scanning, and container scanning in CI/CD pipelines.
• Support incident response activities, security monitoring, evidence collection, and post-incident improvements.
• Contribute to policies, security documentation, audit evidence, and compliance readiness.

‍

What We Are Looking For

‍

• 3+ years of commercial experience in security engineering, application security, cloud security, or security operations.
• Good understanding of web application security, OWASP Top 10, authentication, authorisation, and secure API design.
• Experience with AWS or Azure security controls, IAM, networking, logging, and secrets management.
• Experience with vulnerability scanning, SAST/DAST, dependency scanning, and remediation tracking.
• Understanding of incident response, security monitoring, risk assessment, and practical compliance evidence.
• Ability to work constructively with engineering teams and translate risks into actionable fixes.
• Strong spoken English - B2+ or higher for explaining security issues and recommendations to international teams.

‍

Nice to Have

‍

• Experience with SOC 2, ISO 27001, GDPR/UK GDPR, or vendor security questionnaires.
• Experience with SIEM tools, Wazuh, Sentinel, Splunk, Datadog, or cloud-native monitoring.
• Experience with Kubernetes security, container hardening, or secrets management platforms.
• Security certifications are welcome but not a replacement for practical engineering judgement.

‍

Apply

‍

If you prefer practical security improvements over paperwork-only security and enjoy working closely with engineers, we would be glad to hear from you. Send us your CV and we will contact you to discuss relevant opportunities.

‍