At Qdrant, security is not just a checkbox; it is a core feature of our high-performance vector database. As our Security Officer, you will be the strategic lead and technical executor of our security posture. You will bridge the gap between high-level compliance (SOC 2, GDPR, HIPAA, …) and deep-tier engineering. Your mission is to further evolve and scale our security culture with the existing "Security Champions" program while remaining hands-on with architectural risk assessments and Cloud infrastructure hardening. You aren't just managing a backlog — you are building the foundation that allows Qdrant to scale safely.
Location
This role is remote and open to candidates located in Europe.
Candidates must demonstrate a mastery of European regulatory landscapes; this geographical preference is based on the technical requirements of the role rather than citizenship.
Tasks
* Backlog & Strategy: Own and prioritise the Security Backlog, translating high-level threats and compliance needs into actionable engineering requirements for the development teams.
* Security Champions Program: Lead and evolve our existing Security Champions initiative, mentoring engineers to perform internal security reviews and ensuring security is a distributed responsibility rather than a bottleneck.
* Architectural Risk Management: Conduct formal Architectural Risk Assessments on critical components (e.g., Cloud RBAC, JWT, Inference) to ensure security is "baked-in" during the design phase of the SDLC.
* Compliance & Audits: Maintain our "always-audit-ready" status using Drata and HeyData. You will oversee annual SOC 2 audits and GDPR requirements, and drive our OWASP SAMM roadmap toward a maturity score of 1.0.
* Multi-Cloud Security Governance: Oversee security posture management across AWS, GCP, and Azure, lead technical compliance audits, and implement automated identity and access management (IAM) to ensure infrastructure resilience.
* Vulnerability Management & Pentesting: Manage the bi-annual penetration testing lifecycle, coordinate with external security researchers (Bug Bounty Program), and ensure timely remediation of findings in coordination with the development teams.
* Sales & Growth Support: Act as the subject matter expert for customers, completing detailed security questionnaires and ensuring our marketing vendor ecosystem remains compliant.
Requirements
Must-have
* Experience: 5+ years in Security Engineering, DevSecOps, or as a Security Officer in a cloud-native SaaS environment.
* Cloud Proficiency: Technical knowledge of AWS, GCP, Azure (IAM, Multi-AZ architectures, Trusted Advisor, etc.).
* Regulatory & Policy Fluency: Practical experience maintaining SOC 2 Type II, HIPAA, and GDPR. You can architect a unified security policy framework that satisfies multiple compliance standards simultaneously, reducing operational overhead for the engineering team.
* Risk Assessment Skills: Ability to perform threat modeling and architectural risk classification on complex distributed systems.
* Communication: Strong stakeholder management skills; you can advocate for security resources during quarterly capacity planning and explain P0 risks to leadership.
* Self-Starter: The ability to move from "reading the exact policy" to "investigating the code" to provide an informed response to technical queries.
Nice-to-have
* Familiarity with the OWASP SAMM framework.
* Experience using automated compliance tools like Drata or Vanta.
* Background in Rust or high-performance database environments.
* Professional certifications such as CISSP, CISA, or CCSP (Certified Cloud Security Professional), or advanced security-focused certifications from major cloud providers (e.g., AWS Certified Security – Specialty, Azure Security Engineer, or Google Professional Cloud Security Engineer).
* Experience navigating the AWS Foundational Technical Review (FTR).
Benefits
* Competitive salary, equity, and benefits
* Fully remote setup with flexible working hours
* Clear ownership of reliability and operational excellence
* Opportunity to work on mission-critical customer-facing infrastructure
* Strong collaboration with platform and engineering teams
If you enjoy de-risking complex cloud architectures and scaling security through a culture of shared responsibility and technical rigor, we’d love to hear from you.