Role Description Fireflies.ai is looking for a hands-on Security Engineer to protect our infrastructure, product, and user data as we scale globally. This role is ideal for someone who can ship code, automate security workflows, triage vulnerabilities, and work closely with engineering teams to build secure systems. - Build and improve security controls across our product, backend, and infrastructure. - Review code, architecture, and infrastructure for security risks. - Run vulnerability assessments, penetration testing, and security audits. - Debug and patch security issues in backend systems. - Manage bug bounty triage and remediation workflows, including HackerOne. - Automate security checks, alerts, and vulnerability workflows. - Partner with engineering teams to promote secure coding practices. - Support incident response and security investigations. - Configure and maintain security tools such as firewalls, IDS/IPS, scanners, and monitoring systems. Qualifications - 3+ years of experience in security engineering, backend security, or infrastructure security. - Strong backend development experience with Node.js/TypeScript. - Ability to ship code end-to-end. - Good understanding of authentication, authorization, cryptography, and common vulnerabilities. - Experience with security testing tools such as Burp Suite, Metasploit, Wireshark, or similar. - Experience with cloud security, preferably GCP or AWS. - Familiarity with Kubernetes, Docker, and modern infrastructure security. - Strong problem-solving and communication skills. Requirements - Experience with SaaS or high-growth startup environments. - Bug bounty program experience. - Experience with SOC 2, HIPAA, GDPR, Vanta, or GitHub Advanced Security. - Contributions to the security community, such as CVEs, talks, or open-source work. - Experience with DevSecOps or security automation. Benefits - Competitive compensation. - Work remotely anywhere in your respective country. - Ability to move laterally within a team and grow rapidly. - Paid time off and flexible leave policy. - No boss culture. - Flexible working hours. - LGBTQ+ friendly. - Company offsites. - Tech reimbursements.

• Advising clients from the private sector and public sector on information security, IT security and incident/emergency management • Analyzing existing security architectures and IT infrastructures with respect to ISO 27001, BSI IT-Grundschutz and other relevant standards and guidelines • Independently developing security concepts, risk analyses and tailored solutions while taking regulatory requirements into account • Establishing and further developing information security and incident/continuity management systems in close coordination with stakeholders • Advising on regulatory requirements (DORA, NIS2, BAIT, VAIT, MaRisk, KRITIS) • Preparing, maintaining and enhancing security documentation as well as conducting trainings and awareness measures • Technical leadership of project teams and mentoring of colleagues

• administer and secure enterprise email gateway systems • administrate and maintain Cisco IronPort Secure Email Gateway (SEG) appliances • manage AsyncOS configurations, upgrades, and system performance • implement and enforce email security policies (anti-spam, anti-malware, data loss prevention) • monitor, analyze, and respond to email threats and incidents • perform message tracking, reporting, and log analysis • apply firmware updates, patches, and security enhancements • support and administer Microsoft 365 (Exchange Online) • assist in email platform integration, migration, or coexistence strategies • collaborate with enterprise teams to ensure secure mail flow and policy alignment • install and configure network hardware and supporting infrastructure • utilize ServiceNow for incident, change, and request management • diagnose and resolve email delivery, connectivity, and security issues • conduct log analysis and root cause investigations • monitor system health and respond to alerts and incidents • partner with Cybersecurity teams on threat mitigation and response • maintain accurate system documentation, configurations, and procedures • collaborate with Cybersecurity, Network, and Enterprise Messaging teams • support audits, compliance requirements, and continuous improvement efforts

• Support the Federal Aviation Administration (FAA) Office of Information Technology (AIT) Infrastructure & Operations (I&O) Services under the ITIPSS contract • Provide network perimeter security, support enterprise infrastructure, coordinate security audit remediation initiatives across AIT Network Infrastructure and Enterprise Services teams • Support and maintain firewalls (including CheckPoint and Fortinet) • Administer, configure, and troubleshoot network infrastructure including Aruba ClearPass, NAC Bluecoat, Web Filters/Zscaler, Infoblox, IronPort Mail Relays • Maintain TIC/Internet Access Providers (IAPs), web filtering, external email routing, and IPv6 upgrades • Coordinate with FAA Information Security and Privacy for certification, accreditation, and other security initiatives • Conduct network troubleshooting and provide support for enterprise network infrastructure • Serve as a documentation specialist for the FAA Security Audit initiative