• Design, build, and implement robust security architectures for all Engineering projects and systems, including future products that incorporate AI/ML technology. • Lead, maintain, and drive the multi-year security architecture roadmap, ensuring it remains dynamic and aligned with business objectives, product innovation, and the evolving threat landscape. • Develop secure frameworks for AI/ML deployments and manage the long-term transition to Post-Quantum Cryptography (PQC) standards. • Partner with product and engineering leaders to define the overarching product security strategy, ensuring security is a core enabler of product innovation and high-scale payment orchestration. • Serve as the lead security advisor for international market expansion, ensuring architecture aligns with regional data residency requirements, localized payment regulations, and international standards. • Recommend updates to corporate security policies to ensure controls grow with the business, specifically targeting compliance with PCI DSS, ISO-27001, ISO-27701, ISO-42001, and emergent payment security regulations across global markets. • Provide technical guidance for Engineering teams and lead security-related cross-functional and business-driven projects. • Stay updated on the latest security trends, threat intelligence, and attack vectors to continuously improve the security posture.

• Deliver complex technical implementations for customer projects, acting as a delivery subject matter expert • Lead the implementation of agreed technical designs produced by Solution Architects and Technical Consultants • Diagnose and resolve technical issues, ensuring high levels of customer satisfaction and solution quality • Work closely with Project Managers to meet agreed milestones, timelines, and delivery standards • Deliver technical knowledge‑transfer workshops and handover sessions to customers • Produce high‑quality post‑delivery and technical documentation • Build and maintain strong working knowledge of all products and solutions across the practice

Role Description Fireflies.ai is looking for a hands-on Security Engineer to protect our infrastructure, product, and user data as we scale globally. This role is ideal for someone who can ship code, automate security workflows, triage vulnerabilities, and work closely with engineering teams to build secure systems. - Build and improve security controls across our product, backend, and infrastructure. - Review code, architecture, and infrastructure for security risks. - Run vulnerability assessments, penetration testing, and security audits. - Debug and patch security issues in backend systems. - Manage bug bounty triage and remediation workflows, including HackerOne. - Automate security checks, alerts, and vulnerability workflows. - Partner with engineering teams to promote secure coding practices. - Support incident response and security investigations. - Configure and maintain security tools such as firewalls, IDS/IPS, scanners, and monitoring systems. Qualifications - 3+ years of experience in security engineering, backend security, or infrastructure security. - Strong backend development experience with Node.js/TypeScript. - Ability to ship code end-to-end. - Good understanding of authentication, authorization, cryptography, and common vulnerabilities. - Experience with security testing tools such as Burp Suite, Metasploit, Wireshark, or similar. - Experience with cloud security, preferably GCP or AWS. - Familiarity with Kubernetes, Docker, and modern infrastructure security. - Strong problem-solving and communication skills. Requirements - Experience with SaaS or high-growth startup environments. - Bug bounty program experience. - Experience with SOC 2, HIPAA, GDPR, Vanta, or GitHub Advanced Security. - Contributions to the security community, such as CVEs, talks, or open-source work. - Experience with DevSecOps or security automation. Benefits - Competitive compensation. - Work remotely anywhere in your respective country. - Ability to move laterally within a team and grow rapidly. - Paid time off and flexible leave policy. - No boss culture. - Flexible working hours. - LGBTQ+ friendly. - Company offsites. - Tech reimbursements.

• Advising clients from the private sector and public sector on information security, IT security and incident/emergency management • Analyzing existing security architectures and IT infrastructures with respect to ISO 27001, BSI IT-Grundschutz and other relevant standards and guidelines • Independently developing security concepts, risk analyses and tailored solutions while taking regulatory requirements into account • Establishing and further developing information security and incident/continuity management systems in close coordination with stakeholders • Advising on regulatory requirements (DORA, NIS2, BAIT, VAIT, MaRisk, KRITIS) • Preparing, maintaining and enhancing security documentation as well as conducting trainings and awareness measures • Technical leadership of project teams and mentoring of colleagues