Senior Security Engineer

bsport
Barcelona, Spain
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Barcelona, Spain

Tech stack

Microsoft Windows
API
Amazon Web Services (AWS)
Macintosh Computers
Software System Penetration Testing
Computer Programming
Databases
Continuous Integration
Linux
Django
Identity and Access Management
Python
PostgreSQL
Open Source Technology
Open Web Application Security
RabbitMQ
Redis
Phishing
Secure Coding
Security Software
TypeScript
Software Vulnerability Management
Google Cloud Platform
React
Grafana
Software Security
Backend
FastAPI
Gitlab-ci
Kubernetes
Kafka
Data Management
Celery
Gsuite
Front End Software Development
Terraform
Docker
ELK
Static Application Security Testing
Vulnerability Analysis
Go
Dynamic Application Security Testing

Job description

  • You'll enable our sales team to confidently answer security questionnaires as we pursue enterprise clients
  • You'll work in the SRE team, in close collaboration with SWE teams and with exposure to most if not all department leaders
  • You'll reduce business risk in a fast-scaling environment where security incidents can damage trust and revenue

What you'll do

Hands-on Security Engineering (60% of your time)

Immediate priorities (first 3-6 months):

  • Harden our AWS infrastructure and application security
      • Audit and improve IAM configurations and policies
      • Enhance WAF rules to block sophisticated attacks
      • Implement automated security scanning in CI/CD pipelines (SAST/DAST)
      • Work with the SRE team to secure our Kubernetes clusters and container images
      • Drive and maintain state-of-the-art security posture across backend, frontend, and user data management in collaboration with SWE teams, ensuring best-in-class protection for our systems and users
  • Strengthen authentication infrastructure and identity management
      • Deploy and configure email security solutions within existing Google Workspace
      • Deploy and enforce strong authentication methods across the organization's applications and services (SSO, MFA)
      • Create automated alerting for suspicious behavior patterns using Grafana/ELK
  • Establish vulnerability management
      • Set up automated vulnerability scanning for infrastructure and applications (leveraging open-source tools as much as possible)
      • Create a prioritised remediation workflow integrated with the engineering team's sprint cycles
      • Implement dependency scanning for our Python/Django backend and React frontend
      • Expand secrets detection coverage
  • Incident response and monitoring
      • Design and implement security alerting using our existing Grafana/ELK stack
      • Create runbooks for common security incidents (data leaks, phishing, unauthorized access)
      • Respond to security incidents and conduct post-incident reviews
      • Handle customer security inquiries and support sales with security questionnaires

Security Culture & Training (40% of your time)

Build security awareness across 200 employees:

  • Design and deliver security training programs
      • Create engaging, practical security training for all employees
      • Develop role-specific training (engineering, sales, customer success, operations)
      • Run simulated phishing campaigns and use results to improve training
      • Conduct quarterly security awareness sessions
  • Hardware and endpoint security management
      • Define and enforce security standards for employee devices (Mac, Linux, Windows)
      • Work with IT/HR to ensure secure device provisioning using Primo
      • Implement endpoint protection and mobile device management policies
      • Create security baseline configurations for different roles
      • Manage device lifecycle security (onboarding, off-boarding, lost/stolen devices)
  • Security champion network
      • Identify and train security champions in each department
      • Create self-service security documentation and guidelines
      • Foster a culture where security is everyone's responsibility, not a blocker
  • Policy and governance
      • Develop pragmatic security policies that balance security with business needs
      • Create incident response procedures that the entire company understands
      • Establish a security review process for vendor and third-party tools
      • Maintain security documentation and update it as we scale

Requirements

  • 5+ years in security engineering, infrastructure security, or security software engineering roles
  • Strong hands-on experience with AWS or GCP security (IAM, security groups, WAF, etc.)
  • Deep understanding of application security (OWASP Top 10, secure coding, API security)
  • Experience building security programs from scratch in fast-growing startups or scale-ups
  • Proven track record in incident response and handling data breach scenarios
  • Good programming skills (at least one of Python, TypeScript, Golang)
  • Experience with infrastructure security (Kubernetes, container security, IaC security)
  • Prior experience training employees on security

Strong bonus points

  • Experience with GDPR compliance and data protection regulations
  • Background in penetration testing or offensive security
  • Familiarity with our tech stack (Django, React, PostgreSQL, Terraform)
  • Experience responding to security questionnaires for enterprise sales
  • SOC2 or ISO27001 implementation experience

Technical environment

  • AWS
  • Infrastructure as Code: Terraform, Helm
  • Container orchestration: Kubernetes, Docker
  • Monitoring: Grafana, ELK stack
  • Backend: Python Django, FastAPI, Celery
  • Frontend: React, TypeScript (mono-repos, module federation)
  • Databases: PostgreSQL, Redis, RabbitMQ, Kafka
  • CI/CD: GitLab CI, ArgoCD

Benefits & conditions

We believe great work comes from happy, supported people; that's why we offer meaningful perks designed to promote balance, growth, and connection.

Attractive compensation package: Competitive salary packages based on your experience and role.

Work-Life harmony: Hybrid model with remote days to support balance and flexibility.

Work from anywhere: Enjoy up to 15 days of remote work from abroad each year.

Private health insurance: We offer fully-funded Alan private health coverage so you can focus on what matters most.

About the company

bsport is an all-in-one platform combining boutique fitness and advanced technology. Our platform helps partners manage their bookings, payroll, marketing and more, to streamline operations and boost their commercial success. Since we launched in 2019, we've achieved remarkable growth:

  • Built a community of over 10 million users
  • Closed a €30 million Series B in December 2024
  • Grown to over 200 employees across Europe

We're scaling rapidly to become the #1 tech partner for boutique studios in Europe and beyond. With this growth comes the critical need to strengthen our security posture, protect our users' data, and build a security-first culture across the organization.
