Security Engineer
Role details
Job location
Tech stack
Job description
As a Security Engineer, you'll be part of Laravel's Security & Compliance function within Engineering, reporting to Kevin Mitsch. This is a hands-on role with broad scope, spanning cloud and SaaS security, vulnerability management, compliance support, security operations, and developer enablement.
You'll work closely with engineering, product, and operations teams, acting as a trusted partner who helps embed security into everyday workflows rather than bolting it on after the fact. Your 12-Month Mission
Imagine we're all at a Laracon in 12 months' time, and we're talking about you being an amazing hire, and everything that you have done:
Within your First 30 Days You've learned Laravel's systems, products, and security landscape, built strong working relationships, and identified the most important risks and opportunities.
By Day 60 You're delivering visible wins - improving access controls, tightening configurations, reducing known vulnerabilities, and supporting audits or compliance requirements with confidence.
By Day 90 You're driving meaningful progress on larger initiatives: strengthening cloud security posture, improving vulnerability management workflows, and helping teams ship more securely by default.
And at the end of Year One You're a trusted security partner across the company - known for your sound judgment, calm handling of sensitive issues, and ability to balance security, reliability, and developer velocity. What You Will Do
- Own security operations across cloud infrastructure, SaaS platforms, and internal systems
- Strengthen cloud and infrastructure security, including identity, access control, network controls, logging, and data protection
- Identify, prioritize, and remediate vulnerabilities using scanning, monitoring, and reporting tools
- Partner with engineering teams on application and platform security, threat modeling, and secure configuration
- Support compliance efforts across frameworks such as ISO 27001, SOC 2, PCI-DSS, HIPAA, and GDPR
- Manage and collaborate on bug bounty and security research, triaging findings and supporting remediation
- Respond to security and privacy requests, including abuse reports, phishing, DMCA takedowns, and GDPR requests
- Automate wherever possible, improving security processes through scripting, CI/CD, and infrastructure-as-code
Requirements
- Experience in security operations, information security, or application security engineering
- Practical experience securing cloud environments (AWS preferred) and SaaS platforms
- Strong understanding of web application security, secure development practices, and OWASP Top 10
- Familiarity with security and privacy frameworks such as ISO 27001, SOC 2, HIPAA, GDPR, and NIST
- Ability to work across teams, communicate clearly, and take ownership of outcomes
- Comfort operating in ambiguous situations and applying judgment where playbooks don't exist
- Experience with the Laravel framework and ecosystem is a significant plus.
Requirements - Bonus Skills
- Experience building security automation and operational tooling
- Familiarity with CI/CD pipelines and infrastructure-as-code
- Hands-on experience with bug bounty programs
- Security certifications such as CISSP, CCSP, or similar
- A degree in Cybersecurity or a related discipline
Benefits & conditions
- Small tight-knit team where every developer counts
- Fully remote and globally distributed working environment
- Option to attend Laracon conferences around the world
- Health care plan (Medical, Dental & Vision)
- Paid time off (Vacation, Sick & Public holidays)
- Family leave (Maternity, Paternity)
- Pension plans (As locally applicable)
- Performance based bonus plan
- Company equity
