[Hiring] Security Engineer @Laravel

Role Description

This role involves strengthening Laravel's security by improving how we secure our infrastructure, applications, and operations as we continue to scale.

• Part of Laravel’s Security & Compliance function within Engineering
• Hands-on role with broad scope, spanning cloud and SaaS security, vulnerability management, compliance support, security operations, and developer enablement
• Work closely with engineering, product, and operations teams
• Embed security into everyday workflows

Your 12-Month Mission:

• Within your First 30 Days: Learn Laravel’s systems, products, and security landscape, build strong working relationships, and identify the most important risks and opportunities.
• By Day 60: Deliver visible wins — improving access controls, tightening configurations, reducing known vulnerabilities, and supporting audits or compliance requirements with confidence.
• By Day 90: Drive meaningful progress on larger initiatives: strengthening cloud security posture, improving vulnerability management workflows, and helping teams ship more securely by default.
• At the end of Year One: Become a trusted security partner across the company.

What You Will Do:

• Own security operations across cloud infrastructure, SaaS platforms, and internal systems
• Strengthen cloud and infrastructure security, including identity, access control, network controls, logging, and data protection
• Identify, prioritize, and remediate vulnerabilities using scanning, monitoring, and reporting tools
• Partner with engineering teams on application and platform security, threat modeling, and secure configuration
• Support compliance efforts across frameworks such as ISO 27001, SOC 2, PCI-DSS, HIPAA, and GDPR
• Manage and collaborate on bug bounty and security research, triaging findings and supporting remediation
• Respond to security and privacy requests, including abuse reports, phishing, DMCA takedowns, and GDPR requests
• Automate wherever possible, improving security processes through scripting, CI/CD, and infrastructure-as-code

Qualifications

• Experience in security operations, information security, or application security engineering
• Practical experience securing cloud environments (AWS preferred) and SaaS platforms
• Strong understanding of web application security, secure development practices, and OWASP Top 10
• Familiarity with security and privacy frameworks such as ISO 27001, SOC 2, HIPAA, GDPR, and NIST
• Ability to work across teams, communicate clearly, and take ownership of outcomes
• Comfort operating in ambiguous situations and applying judgment where playbooks don’t exist
• Experience with the Laravel framework and ecosystem is a significant plus.

Requirements

• Experience building security automation and operational tooling
• Familiarity with CI/CD pipelines and infrastructure-as-code
• Hands-on experience with bug bounty programs
• Security certifications such as CISSP, CCSP, or similar
• A degree in Cybersecurity or a related discipline

Benefits

• Fully remote, EU Based
• Small tight-knit team where every developer counts
• Fully remote and globally distributed working environment
• Option to attend Laracon conferences around the world
• Health care plan (Medical, Dental & Vision)
• Paid time off (Vacation, Sick & Public holidays)
• Family leave (Maternity, Paternity)
• Pension plans (As locally applicable)
• Performance based bonus plan
• Company equity