Senior Security Engineer

We are looking for a Senior Security Engineer to help strengthen and scale Runware's security posture as we grow our AI inference platform and expand our enterprise customer base. This role has clear ownership over security controls, compliance execution, and day-to-day security engineering, including driving SOC 2 and ISO 27001 compliance from end to end. You will work closely with engineering, infrastructure, and leadership to ensure security is built into how we design, build, and operate the platform. This is a hands-on role for someone who enjoys balancing pragmatism with rigour, can operate independently, and is comfortable working in a fast-paced, high-change environment.

What you’ll do:

• Own and drive SOC 2 and ISO 27001 compliance, including control design, implementation, evidence collection, audits, and continuous improvement.
• Translate compliance requirements into practical, scalable engineering and operational controls.
• Partner with infrastructure and engineering teams to embed security into system design and delivery.
• Maintain and evolve Runware's security policies, standards, and risk register.
• Lead security reviews of systems, architectures, and changes with a focus on real-world risk.
• Support incident response, including investigation, containment, and post-incident learning.
• Improve security visibility across the platform (logging, monitoring, alerting, audit trails).
• Own vendor and third-party security assessments and questionnaires.
• Help establish and mature secure development practices (access control, secrets management, least privilege, change management).
• Act as a security mentor and point of reference for engineers across the organisation.

Requirements:

• Strong experience in security engineering, infrastructure security, or a closely related role.
• Proven, hands-on experience delivering SOC 2 and/or ISO 27001 in a production environment.
• Strong understanding of cloud security fundamentals (IAM, networking, encryption, key management).
• Experience working with modern cloud platforms, CI/CD pipelines, and containerised workloads.
• Ability to assess risk pragmatically and prioritise controls that actually reduce it.
• Experience responding to and managing security incidents in real systems.
• Comfortable working across engineering, product, and leadership stakeholders.
• Clear communicator, especially when explaining security trade-offs and decisions.
• Ability to operate independently and take ownership in a remote-first environment.

Nice to have:

• Experience securing high-performance or distributed systems.
• Familiarity with compliance tooling and evidence automation.
• Knowledge of infrastructure as code (Terraform, Pulumi, etc.).
• Experience with vulnerability management, penetration testing, or bug bounty programs.
• Background in startups or scaling companies.

Benefits:

• We are a remote-first collective, meeting in person twice a year to plan, brainstorm, celebrate wins, and enjoy some face-to-face time.
• We have core hours for cooperative working and calls, but outside of that your calendar is yours. Work the hours that let you perform at your peak while also building a healthy life.
• Our release cycles are fast and intense, but they are followed by real downtime. After big pushes we expect the team to unplug, recharge, and come back ready and stronger than ever for the next leap.
• Generous paid time off - vacation, sick days, public holidays.
• Meaningful stock options - share in the upside you create.
• Remote-first setup - work from home anywhere we can employ you.
• Flexible hours - own your schedule outside core collaboration blocks.
• Family leave - paid maternity, paternity, and caregiver time.
• Company retreats - twice-yearly gatherings in inspiring locations.