Cybersecurity Specialist / Security Engineer

We are seeking a skilled Cybersecurity Specialist to help design, implement, and maintain the security architecture of our platform. You will be responsible for protecting our systems, user data, APIs, and cloud infrastructure while ensuring compliance with modern security best practices and regulatory standards.

You will work closely with the founders and development team to proactively identify vulnerabilities, implement secure development processes, and prepare the platform for real-world usage at scale.

Key Responsibilities

• Design and implement security architecture for web and cloud-based applications
• Perform vulnerability assessments and penetration testing
• Secure REST APIs, authentication systems, and user data flows
• Implement secure authentication and authorization (OAuth2, JWT, RBAC, MFA)
• Establish encryption standards for data at rest and in transit (TLS/HTTPS)
• Conduct security audits and threat modeling
• Monitor systems for breaches, suspicious activity, and anomalies
• Develop and enforce secure coding and DevSecOps practices
• Configure firewalls, rate limiting, and intrusion detection/prevention systems
• Guide the team on security awareness and best practices
• Assist in preparation for compliance requirements (GDPR, data protection, and privacy standards), * Opportunity to shape the security foundation of a global platform from an early stage
• Flexible remote work environment
• Equity participation opportunities based on contribution
• Direct collaboration with founders and core technical team
• A long-term role as the platform scales internationally

Do you have experience in SaaS?, * Strong understanding of web application security (OWASP Top 10)

• Experience securing SaaS platforms or cloud-hosted applications
• Knowledge of authentication frameworks (OAuth2, OpenID Connect, JWT)
• Experience with API security and token management
• Familiarity with cloud environments (AWS, Azure, or Google Cloud)
• Understanding of encryption protocols and key management
• Experience with penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark)
• Knowledge of CI/CD security and DevSecOps practices
• Familiarity with container security (Docker) is a plus

Preferred Qualifications

• Previous experience in startup or early-stage product development
• Knowledge of GDPR and international data protection regulations
• Security certifications (CEH, CompTIA Security+, CISSP, or equivalent) are a plus
• Ability to work independently and document security processes clearly

LYON INC is a UK-registered technology company developing a next-generation digital management platform that integrates social media management, AI-driven analytics, workflow automation, and brand/website management into a single ecosystem. Our platform is designed to help businesses and creators manage and automate their digital operations from one centralized and intelligent interface. As we move toward public launch, security and data protection are core priorities for our infrastructure and product design.