Role Overview

As a Security Engineer, you’ll be responsible for the end-to-end security posture of our infrastructure and operations. You’ll design, implement, and maintain security controls across cloud (GCP), bare-metal Kubernetes, CI/CD pipelines, and corporate devices.

You’ll work closely with engineering, DevOps, and leadership teams to embed security best practices into development and operations, manage access control with Google Workspace, SSO, and password manager, and monitor threats.

This role requires a mix of hands-on technical expertise and strategic thinking, balancing day-to-day security operations with long-term resilience planning.

Key Responsibilities

• Own and continuously improve the security posture across infrastructure and corporate environments
• Manage and secure Kubernetes clusters, including authentication/authorisation
• Define and enforce IAM, RBAC, and secret management policies across internal services
• Monitor and respond to security alerts
• Conduct threat modelling, vulnerability assessments, and penetration testing coordination
• Harden employee workstations with disk encryption, endpoint security, and hardware-based 2FA
• Manage incident response playbooks and lead investigations when needed
• Train and support employees on security awareness, safe use of crypto custody tools, and operational hygiene
• Collaborate with DevOps to secure CI/CD pipelines, container images, and secrets management
• Stay up-to-date on emerging threats in Web3, infra, and endpoint security

Who You Are

• 5+ years of experience in Security Engineering, DevSecOps, or Infrastructure Security
• Strong expertise in Kubernetes security, RBAC, IAM, and workload isolation
• Comfortable working with Google Workspace, GCP IAM, and identity providers (OIDC/SAML)
• Proficient in securing employee devices, disk encryption, and EDR solutions
• Hands-on with YubiKey / hardware-based MFA for both infra and corporate accounts
• Familiar with incident response workflows and forensic analysis
• Excellent communication skills-able to translate complex risks into clear actions for both technical and non-technical teams

Bonus

• Experience with Web3 infrastructure security (oracles, validators, staking infra)
• Familiarity with Cloudflare WAF, DDoS mitigation, and TLS/PKI management
• Background in compliance: ISO27001, SOC2, or/and CCSS
• Contributions to open-source security tools or Kubernetes security projects
• Cloud, Kubernetes, or Security certifications (e.g., GCP Professional Cloud DevOps Engineer, CKA/CKS, CISSP, etc.)