Senior Security Engineer
Listed on 2026-06-30
-
IT/Tech
Cybersecurity, Security Management & Operations
We are looking for a T-shaped Senior Security Engineer with strong depth in application security and cloud-native infrastructure security. You will work hands‑on across Go services, AWS, Kubernetes/EKS, Istio, CI/CD, and compliance-driven technical controls to make security part of how we build, deploy, and operate software.
This is an engineering-first security role. You should be comfortable moving across the stack - from code review and threat modeling to IAM, Kubernetes policy, service mesh security, and secure delivery pipelines - while going deepest on application security and cloud security.
Our main application stack is written in Go.
What you’ll do:Own and improve application security across the SDLC, including secure design reviews, threat modeling, security-focused code review, and CI/CD-integrated SAST, SCA, and secrets scanning.
Harden our AWS and Kubernetes/EKS environment, including IAM, network segmentation, workload identity, secrets management, admission control, and runtime security controls.
Secure and improve our Istio service mesh, including mTLS, authorization policies, ingress/egress controls, and service-to-service security patterns.
Build security guardrails as code, including policy-as-code, paved-road patterns, reusable templates, and self‑service tooling that helps developers move quickly and safely.
Improve software supply‑chain security through controls such as image signing, SBOMs, dependency visibility, artifact provenance, and secure build/release practices.
Drive vulnerability management end to end: triage, exploitability‑based prioritization, remediation coordination with SRE and product engineering, and follow‑through on penetration test findings.
Build and operate technical controls that support HIPAA and SOC 2, including access control, encryption, audit logging, evidence automation, and secure handling of sensitive health data.
Help shape the full lifecycle of security services, from design and deployment to operation, measurement, and continuous improvement.
5+ years of experience in security engineering, cloud security, application security, or software engineering with a strong security focus.
Strong hands‑on application security experience, including threat modeling, secure code review, API security, and OWASP API Top 10 risks.
Production experience securing AWS and Kubernetes/EKS environments.
Hands‑on experience with Istio security in production or production‑like environments.
Strong coding ability in Go or Python. You are comfortable building tools, automation, and integrations when needed.
Experience with CI/CD security and infrastructure as code, such as Terraform, ArgoCD, or Git Ops workflows.
Experience with Kubernetes policy and networking tools such as Kyverno, OPA, Cilium.
Ability to translate security, privacy, and compliance requirements into practical technical controls.
At least one experience working with regulated environments such as HIPAA, SOC 2, or ISO 27001.
Ownership mindset: you can take a project from concept through rollout and operational maturity.
Strong written and spoken English.
Supply‑chain security tooling such as Cosign, sigstore, SBOMs, or image signing.
Offensive security experience, penetration testing, or bug bounty work.
Competitive salary package commensurate with experience, plus stock options.
The equipment you need to do your job.
21 days annual leave, plus bank holidays.
Office in Limassol (Hybrid Work Format) or Remote Option for Candidates Residing Outside of Cyprus.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).