Security Engineer

Ready to Use Your Security Expertise to Build Secure-by-Design Software and Fortify Technical Defenses?

Join Avertro, a venture-backed cybersecurity startup building a platform that empowers security leaders to manage cyber risk with confidence. We’re on the lookout for a talented Security Engineer who is passionate about integrating deep technical security principles directly into the software development lifecycle and strengthening our corporate cyber defenses.

We’re solving one of the industry’s biggest challenges: turning raw security and business data into clarity for decision-makers. If you're a hands-on engineer who thrives at the intersection of development and defense, this is your chance to contribute to a world-class, intrinsically secure SaaS product and protect our critical infrastructure.

✨ The Opportunity

As a Security Engineer at Avertro, you will be a key player in ensuring our platform remains secure, scalable, and resilient. You will embed hands-on security controls, champion advanced secure coding practices, and lead initiatives to automate security tasks across the organisation. Your work will directly influence our platform's security architecture and the robustness of our internal systems. You’ll join us at a critical growth stage, where our platform is live with enterprise customers and rapidly extending its capabilities.

🧩 What You’ll Do

• Application Security (AppSec): Perform hands-on static and dynamic analysis (SAST/DAST), collaborate on code reviews, and conduct penetration testing to proactively find and eliminate vulnerabilities in our core platform and APIs.
• Cloud Infrastructure Security: Architect, implement, and automate technical security controls for our AWS environment, focusing on least privilege, network segmentation, and hardening of services (e.g. Lambda, ECS, S3).
• Security Architecture & Design: Partner with engineering teams to perform in-depth security architecture reviews and design secure-by-default features from conception.
• Automated Security Tooling: Design and build automation scripts and tools to continuously monitor security posture, manage secrets, and streamline deployment of security agents.
• GRC Automation & Engineering: Design, implement, and maintain automated controls, continuous monitoring, and evidence collection pipelines to ensure systematic compliance with security frameworks (e.g., SOC 2, ISO 27001) and internal security policies.
• Security Operations & Incident Response: Enhance logging, monitoring, and detection capabilities (SecOps). Lead the technical investigation, containment, and remediation of security incidents across corporate and product environments.
• Identity and Access Management (IAM): Own and optimize technical IAM policies and systems across product and corporate accounts to enforce robust Zero Trust principles.

🔍 What We’re Looking For

• Proven experience as a Security Engineer, Software Engineer, DevOps Engineer, or a similar hands-on technical role.
• Deep expertise in applying cybersecurity principles, common vulnerabilities (e.g., OWASP Top 10), and practical mitigation techniques in a cloud-native environment.
• Strong experience with secure coding practices and security testing in a modern stack (e.g., React, Node.js, Python, GraphQL).
• Practical experience translating compliance requirements (such as SOC 2 or ISO 27001) into technical security controls and engineering solutions for automated evidence collection and auditing.
• Demonstrated proficiency in AWS security, including IAM, VPC, security groups, and using Infrastructure-as-Code (Terraform/CloudFormation).
• Hands-on experience with security tools such as SAST/DAST scanners, vulnerability management platforms, and SIEM/logging solutions.
• Strong communication skills to articulate complex technical risks and collaborate effectively across engineering and product teams.

 Bonus Points

• Experience in a scaling startup or high-growth B2B SaaS environment.

💥 Why You’ll Love Working With Us

• Grow with us: Your career will progress in line with the company’s growth.
• Be part of a venture-backed startup solving a mission-critical problem in cybersecurity.
• Join a collaborative, high-trust team that values autonomy and curiosity.
• Flexible working hours as long as you meet your commitments.
• Competitive package: salary and equity options.
• Influence the product and strategic direction of the company as one of our early hires.
• Grow with us: Your career will progress in line with the company’s growth.

✨ Interested?

If you love solving complex problems and want your work to have real-world impact, we’d love to hear from you.

Please note, only shortlisted candidates will be contacted. No agencies please.