Security Architect

Prague

Rossum

Automate complex business workflows with Rossum’s AI document processing solution. Reduce manual tasks, increase accuracy, drive efficiency.

We are currently seeking a Security Architect to join our engineering team and play a crucial role in enhancing our security posture. We process some of the most sensitive data for our customers - documents related to their procurement, order fulfillment, cash flow, and vendor relationships. In this role, you will be responsible for helping us tackle various security challenges, including improving the security of our core product application and infrastructure, streamlining our log management and alerting system, and strengthening our incident response capabilities. Your expertise and commitment to security will be instrumental in continuing our excellent security track record as we scale up as a company.

You’ll be part of our R&D organization, reporting directly to the CTO initially and working closely with our SRE, product engineering, and IT ops teams.

Rossum’s vision is a world that builds rather than types. We leverage state-of-the-art AI to eliminate useless paperwork and make the whole world go faster. If you want to know more about the company and how we are making B2B communication frictionless, you’ll find detailed information at the bottom of the job description.

The role

Our technology stack is what you would expect in a modern startup, without any legacy baggage. Our Python+React app and infrastructure run in terraformed Kubernetes clusters on AWS using GitLab-driven CI/CD. We utilize Okta for SSO, Workspace1 for endpoint management, Sentinel1 as EDR and Wiz for threat intelligence. Our IT infrastructure is centered around GSuite, Atlassian, and Slack. We operate predominantly in the cloud, with a zero-trust network model implemented in our offices.

As a security architect you’ll be responsible for:

  • Being a security partner for our engineering teams, co-owning the security landscape around our core application and infrastructure. This role requires a practical understanding of web, cloud, and network security, along with experience in threat modeling for security reviews. The ideal candidate should be able to manage security infrastructure hands-on as needed.

  • Maintaining the company threat model, monitoring our security stance, creating policies related to SDLC and cloud security, and providing assistance with audits, client inquiries, or various security-related issues.

  • Co-owning and automating basic cloud security operations related to threat intelligence and incident management.

In our team we value open communication and an inclusive environment. Our long-term goal is to do things as efficiently and sustainably as possible, because security is perpetual work that never ends. We believe the best approach to security operations is similar to the SRE philosophy - devoting at least 50% of time to automating chores, rather than performing them.

Your role will have a direct impact on Rossum’s security stance, especially in relation to the safety of our clients. In addition, you’ll be ensuring that our engineers are working in the most secure and compliant way possible.

You’ll work closely with the development and infrastructure teams to define the scale of the role and its challenges. We are still a small company, and so are the data amounts and issues we're dealing with, so it's feasible to be a kind of "security full-stack" person, as you'll be planning, managing, and using the security systems, processes, and policies.

You should apply if:

  • You have a wide range of general knowledge about good security practices and have a holistic approach to security of companies - like e-mail security setup, basic networking, access rights management, and many more

  • You are good at planning, coordinating, and delivering short-term cross-team security improvements and/or remediation activities

  • You have a background in Linux system administration and scripting (shell, Python, …)

  • You have experience with log management and security monitoring systems - as an admin (hence the Linux system administration background) and as a security analyst (to be able to understand the logs, set up security alerts, and solve them)

  • You like to help others and are also not afraid to ask for help yourself

  • You’re a geek (this is not mandatory, but it helps 🙂) 

What we offer (Benefits)

  • Bleeding-Edge Security Challenges – Work on securing AI-powered, cloud-native systems in a fast-moving environment. You’ll be directly responsible for protecting our infrastructure, data, and applications.

  • Strategic Impact – Own and shape the security strategy for a growing SaaS company, working closely with the CTO and engineering teams.

  • Hands-On & Leadership Balance – A unique opportunity to stay technically involved while developing leadership skills in a growing security team.

  • Modern Security Stack – Work with state-of-the-art security tools in a GitOps-first, best-practices environment, including GitLab-based GitOps CI/CD, AWS, Terraform, Kubernetes, EFK stack, and advanced log monitoring & incident response automation with Wiz.

  • Stock Options – Be part of our success story with a stake in the company.

  • Flexible Working Conditions – Hybrid work setup, flexible hours, and autonomy to manage security projects efficiently.

  • Learning & Development – Budget for security certifications (e.g., CISSP, OSCP, AWS Security Certs), training, and conference attendance to stay ahead of emerging threats.

  • Top-Tier Hardware & Tools – High-end laptop (MacBook Pro or Linux-based Lenovo) and access to the best security tools & software.

  • Work-Life Balance – 5 weeks of vacation, 5 sick days, and an additional 2 weeks of paternity leave.

  • Health & Well-being – Multisport card for access to sports facilities, snacks & beverages in the office, and mental well-being support.

  • Engaging Work Culture – Join a highly collaborative, no-ego team where security is a priority, not an afterthought.

Category: Architecture Jobs

Tags: Audits Automation AWS CI/CD CISSP Cloud EDR Full stack GitLab Incident response IT infrastructure Kubernetes Linux Monitoring Network security Okta OSCP Python R&D SaaS Scripting SDLC Security strategy SSO Strategy Terraform Threat intelligence

Perks/benefits: Career development Equity / stock options Flex hours Flex vacation Gear Health care Snacks / Drinks Startup environment

Region: Europe
Country: Czechia
