[Hiring] Senior Security Engineer @Kiefer

Role Description

Senior Security Engineer and first dedicated security hire on the Sophea platform. You will establish security as a core engineering capability - hardening cloud infrastructure, securing AI-specific attack surfaces, embedding automated security into the development lifecycle, and enabling teams to ship fast with confidence. This is not a compliance or policy-writing role.

• Conduct security assessments and build a prioritized remediation roadmap across infrastructure and services
• Harden AWS and Kubernetes environments: IAM, network policies, workload isolation, secrets management
• Secure AI-specific attack surfaces: prompt injection defenses, PII handling in LLM pipelines, model interaction data leakage
• Embed automated security into CI/CD: dependency scanning, container image scanning, code analysis, secrets detection
• Design secure-by-default patterns for service communication, authentication, and data handling
• Build incident response capabilities: detection, alerting, response workflows, and post-incident review
• Partner with engineering teams to improve security posture without becoming a bottleneck

Qualifications

• 6-10+ years of professional security engineering experience in production environments
• Deep hands-on expertise in cloud security (AWS strongly preferred) and container/Kubernetes security
• Strong application security skills: securing APIs, microservices, auth flows, and data pipelines
• Experience with automated security tooling in CI/CD (SAST, DAST, dependency scanning, container scanning)
• Offensive security mindset: ability to think like an attacker, identify non-obvious vulnerabilities, and validate defenses
• Track record of building or significantly maturing security programs, not just operating existing ones

Requirements

• AI/LLM security experience (prompt injection, model security, PII in AI pipelines)
• CTF participation, bug bounty track record, or formal red team experience
• Offensive security certifications (OSCP, OSWE, CRTP)
• Incident response and digital forensics
• SOC2/ISO27001 compliance implementation (not just audit management)

Benefits

• Compensation: above typical backend band for Greek/EU market
• Remote: fully remote within EU, or hybrid from Athens
• Ownership: first dedicated security hire, define security standards from day one
• AI-native: real security challenges at the intersection of LLMs, enterprise data, and distributed infrastructure
• Growth: budget for conferences/courses/certifications, path to security lead / head of security
• Culture: engineering-first, low meetings, high autonomy, async-first