Senior AppSec Engineer focusing on application security in Geneva. Involved in WAF configuration, tuning, and deployment in a demanding environment.
About the role
- As a Staff Security Engineer, build hx's security function while integrating security into engineering workflows. Collaborate across teams to ensure secure architecture and compliance.
Responsibilities
- Build hx's security programme from the ground up, setting direction for security architecture, compliance, and incident response as we scale globally.
- Design and implement security controls across AWS cloud infrastructure, Kubernetes workloads, and our multi-product platform, ensuring systems are secure by design.
- Integrate security into engineering workflows by embedding automated security testing, vulnerability management, and threat detection into CI/CD pipelines without slowing teams down.
- Lead or contribute to compliance initiatives (SOC2, ISO27001) by implementing technical controls and working cross-functionally with legal, engineering, and business teams to enable enterprise sales.
- Build security automation and tooling by writing code and scripts that scale security practices, detect vulnerabilities, and enforce policies efficiently.
- Partner with Engineering Managers, Principal Engineers, and Product Managers to embed security thinking early in design and architecture decisions.
- Act as a trusted voice in critical moments: responding to incidents, unblocking teams on security questions, and keeping high-stakes initiatives secure and on track.
- Assess and secure AI-powered systems across hx's platform, implementing controls that enable safe adoption of AI while mitigating risks like prompt injection, data leakage, and model vulnerabilities.
Requirements
- Built or significantly contributed to security programmes from the ground up, establishing foundational security controls, compliance readiness, and incident response capabilities.
- Designed and implemented security architecture for cloud-based distributed systems (AWS or equivalent), including multi-account strategies, identity and access management, network security, and data protection.
- Driven technical security improvements by writing code, building tools, and implementing controls that scaled with company growth.
- Integrated security into development workflows through DevSecOps practices including automated testing, secrets management, container security, and infrastructure-as-code security.
- Led or supported compliance initiatives (SOC2, ISO27001, GDPR, or similar), mapping technical controls to compliance requirements and guiding teams through audit cycles.
- Built trust with engineering teams by contributing technically and making security collaborative and frictionless.
- Balanced security rigor with business goals, making risk-based trade-offs that enabled growth while protecting customers and the business.
- Evaluated security implications of AI/ML systems, including understanding AI-specific risks and implementing controls to secure them.
Benefits
- £5,000 training and conference budget for individual and group development.
- 25 days of holiday plus 8 bank holidays (33 days total).
- Company pension scheme via Penfold.
- Mental health support and therapy via Spectrum.life.
- Individual wellbeing allowance via Juno.
- Private healthcare insurance through AXA.
- Income protection and Life Insurance.
- Cycle to Work Scheme
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Vehicle Cyber Security Engineer responsible for security measures in bus systems at Daimler Buses. Conducting risk analyses, developing security concepts, and collaborating with international partners.
Tech Lead for Product Security Testing driving security verification and validation in embedded industrial products. Leading advanced security testing, including penetration testing and fuzzing compliance with IEC 62443 standards.
Cyber Security Project Manager overseeing IT projects focusing on cybersecurity services and solutions. Ensure the quality of documentation and contract compliance while leading technical personnel in Alexandria, VA.
Microsoft Security Engineer at Iver developing and supporting cybersecurity services with a focus on Microsoft security platforms. Collaborating within a team for continuous improvement.
Information Security GRC Program Senior Manager directing security governance, risk, and compliance functions at Kemper. Leading a team to ensure audits, exams, and control frameworks are maintained effectively.
Associate Director ICT Security overseeing the cybersecurity strategy and team leadership at PFH Technology in Dublin. Ensuring compliance and security in Ireland’s healthcare infrastructure.
VG
Senior Consultant focused on ISMS, BCM, and cybersecurity compliance at VICCON GmbH. Leading projects and collaborating with clients to enhance their information security and resilience.
GSS Officer at Itad supporting safety, security, and travel policies. Overseeing risk management and collaborating with project teams for operational support.
Install and manage fall protection systems at height, ensuring compliance with safety standards. Leadership required in overseeing teams and project delivery at construction sites.