Contribute to application and infrastructure security across the platform, supporting production launch and long-term scaling
Help harden authentication (OAuth/session handling) and API authorization patterns, including multi-tenant access control
Configure and maintain IAM policies, service accounts, and least-privilege access controls across cloud infrastructure
Secure data flows including file uploads, signed URLs, database access, and secrets management
Set up and maintain security monitoring, logging, and alerting systems
Build and maintain security tooling integrated into CI/CD pipelines, including SAST, DAST, and dependency scanning
Perform regular security assessments, dependency audits, and penetration testing
Support incident response and contribute to root cause analysis
Collaborate with the engineering team on secure development practices and help document security controls and incident response procedures

Requirements
Bachelor's degree or higher in computer science, information security, or a related field
8+ years of experience in application or infrastructure security roles
Hands-on experience securing production web applications, preferably in Node.js/Next.js environments
Familiarity with cloud security on GCP or equivalent platforms, including IAM, VPC, IAP, Secret Manager, and Cloud Armor
Solid understanding of OAuth, session security, and multi-tenant authorization patterns
Experience with security scanning tools (SAST, DAST, dependency scanning) and integrating them into CI/CD workflows
Ability to work confidently in a rapidly changing, fast-paced and results-oriented corporate environment where a high degree of flexibility is required
Excellent written and verbal communication skills in English