What you will do Lead threat modeling and secure design reviews for new features, services, and architectural changes to discover and mitigate security findings early (shift left). Design and implement security-sensitive application functionality such as authentication, authorization, roles and permissions, and customer data handling. Build and maintain security libraries, tooling, and AI-powered agent suites that enable engineering teams to ship secure code by default and run frequent in-house security tests. Own our security testing lifecycle: integrate SAST, DAST, and SCA into CI/CD, contract and operate external penetration tests, and lead remediation of findings end-to-end. Perform secure code reviews and partner with developers on fixes, not just filing tickets, but pairing on solutions. Harden cloud infrastructure and runtime environments, including container security, network policies, secrets management, and least-privilege access controls. Evaluate security risks of portfolio companies. What we look for BSc. or MSc. in Computer Science or comparable degree. At least 5 years of experience in software engineering and infrastructure with focus on security. Exceptional problem-solving abilities, effective communication, and teamwork skills. You should be strong in Backend & Application Security Engineering and at least one of the remaining three skill sets: Backend & Application Security Engineering (required) Strong proficiency in Go (or motivation to learn it); experience with Python is a plus. Experience building secure backend services, APIs, and security-sensitive application features (auth, access control, data protection). Hands-on experience with threat modeling methodologies (e.g., STRIDE) and secure design reviews. Experience with security testing tools (SAST, DAST, SCA) such as Semgrep, CodeQL, Snyk, or Burp Suite. Deep understanding of OWASP Top 10, common vulnerability classes, and secure coding practices. Security & Compliance Engineering Experience implementing and automating security controls in cloud environments (AWS preferred). Familiarity with PCI DSS standards and compliance lifecycle management. Understanding of IAM, network security, encryption, and secure SDLC practices. Experience with cloud-native security tools (e.g., AWS Security Hub, GuardDuty, CloudTrail). Experience with security audits, risk assessments, and evidence collection. Cloud Infrastructure (AWS) Strong hands-on experience with AWS services such as IAM, VPC, ECS/EKS, and Lambda. Experience with Infrastructure as Code tools (Terraform, CDK, or CloudFormation). Understanding of container security, secrets management, and CI/CD hardening. Experience with observability, monitoring, and cloud compliance automation. Infra & CI/CD Experience setting up secure CI/CD pipelines and tooling (Terraform, Docker, etc.). Setup and management of large-scale applications using Kubernetes on AWS. Knowledge of security management, least privilege enforcement, and compliance automation.