Product Security & Compliance Engineer

We provide the DevOps automation platform built to empower developers. From cloud infrastructure provisioning to production deployment, our platform streamlines every step, enabling faster delivery, simplified workflows, and significant time savings.

We're scaling, and we are looking for our Product Security & Compliance Engineer.

🎯 Why This Role is Important

Security and compliance aren’t just checkboxes; they’re core to the experience we deliver to our users. 

In this role, you’ll work at the intersection of product, infrastructure, and compliance. You’ll ensure we meet the highest security standards (SOC2, ISO, DORA...) and embed those same principles directly into our product, enabling secure-by-default experiences for all our customers.

🧩 What You'll Own

• Own our compliance roadmap: Lead and maintain initiatives for SOC2, DORA, ISO 27001, and more, ensuring we stay ahead of evolving standards.

• Build security into the product: Design and implement security controls directly within our infrastructure platform, keeping security seamless and low-overhead for users.
• Drive technical security ops: Define best practices for patch management, system updates, and infrastructure security. Partner with R&D teams to embed these practices into their workflows.
• Automate code & vulnerability reviews: Set up tools and processes to detect CVEs and enable fast, reliable patching across our codebase and dependencies.
• Implement security tooling: Deploy and manage security monitoring, logging, and alerting solutions. Guide engineering teams in integrating and following these tools.
• Lead customer security reviews: Handle security questionnaires, assessments, and audits for prospects and customers.
• Manage audits & risk: Run regular security audits, coordinate with third-party auditors, and manage tools like Vanta to automate compliance workflows.
• Create clarity: Document policies, create security playbooks, and run training sessions to keep the team informed and aligned.
• Be our incident response lead: Take the reins when incidents happen, drive response efforts, and lead post-incident reviews.

🛠 What You Bring

• Strong experience with compliance frameworks like SOC2, ISO 27001, DORA
• Solid background in cloud infrastructure security (AWS, GCP, Azure, Kubernetes, containers, IDS, WAF, DDoS protection, SSL/TLS, etc.)
• Comfortable with system-level security and patch management
• Ability to read code, understand development workflows, and implement security tooling
• Familiar with tools like Vanta, AWS Security Hub, Renovate, SIEMs, vulnerability scanners
• Strong communication skills: able to collaborate with technical teams and explain security requirements clearly
• A mindset for automation and scale: experience with Infrastructure as Code and security automation is a plus
• Comfortable with languages like Rust, Kotlin, Go, or similar
• Fluent in English (written and spoken)

We’re committed to keeping you informed throughout the process, ensuring a smooth and transparent experience.