• Accompagner la démarche Prévention des risques du département • Mettre en œuvre la politique Handicap et Inaptitude du département et l'animer avec les acteurs clés

• Conduct investigations into anomalous events and behaviors that may pose risk to the company • Contribute to the design and development of detection and investigation capabilities • Analyze threat intelligence and develop use cases • Conduct data analysis and execute complex investigations • Drive detection engineering and write reports • Advise on preventative controls and collaborate with internal teams for coordinated efforts • Prepare investigative reports and briefings for leadership • Maintain chain-of-evidence and engage with External Law Enforcement as needed • Lead training or education and awareness initiatives for the enterprise

• Partner with engineers to identify, triage, and remediate security issues in product features and services • Participate in security reviews and threat modeling for new features and systems • Perform security-focused code reviews and help identify common vulnerabilities • Contribute to secure-by-default patterns, libraries, and tooling in our TypeScript-based stack • Help implement and operate security tooling (SAST, DAST, dependency scanning, etc.) • Support vulnerability management workflows, including internal findings and bug bounty reports • Assist in investigating security issues and assessing risk and impact • Collaborate with platform and infrastructure teams to improve application and cloud security posture • Assist in identifying and mitigating risks in AI/LLM-powered features • Contribute to security guidance, documentation, and training for engineering teams

Role Description Seeking a development & cloud focused Senior Security Engineer to join our expanding security team. The ideal candidate will have passion for AppSec, Cloud and AI. They will be a skilled communicator and relationship builder capable of promoting and building security practices across the organization and into our development processes. What You’ll Own: - Partner with different areas within Karbon - Ensure security is embedded from feature design and development to participating in design reviews and threat modelling. - Balance Security and Delivery - Communicate security risks and issues to non-technical stakeholders, understanding when to push back and when to compromise. - Keep up to date on the latest technologies and approaches - Understand the importance of foundational security practices while being excited by new developments. - Identify and assess security risks introduced by AI tools - Assist with reviewing the risks of AI tooling usage & integration and AI-generated code. - Apply AI-assisted tooling to accelerate security work - Utilize AI across areas including triage, threat detection, code review, and documentation. - Flexibility and confidence to work across multiple security domains - Gain exposure to various security domains within a fast-moving company. - Work effectively as part of a team - Build relationships and trust across the organization to enhance Karbon’s security posture. - Own your work - Take pride in your work and ensure customer data security. - Bring your passion and personality - Contribute creativity, curiosity, and authenticity to the team. - Help us measure improvement and steer our roadmap - Contribute to Security Metrics to track progress and feedback into our roadmap. Qualifications - 4+ years experience in a security or development role across most of the following: - Collaborating with teams to review designs & implementations for security issues. - Triaging issues and reports, assisting teams to remedy items and testing fixes. - Working with external penetration test companies to validate and prioritize findings. - Conducting risk and vulnerability assessments of web applications and APIs. - Configuring and tuning SAST, SCA and DAST Tooling. - Working with build/deployment pipelines to incorporate security tooling. - Assisting with implementing security-focused alerting and detections. - Conducting and facilitating organizational & developer-focused security training. - Assisting with operational security items such as EDR alerts and MDM. - Contributing to our security roadmap. - Strong communication skills (spoken and written). - Some of the following Languages/Frameworks: Microsoft .NET/C#, JavaScript (React and EmberJS), Python. - At least one cloud platform: Azure, AWS or GCP (predominantly Azure). - Working knowledge of PowerShell or Bash and Python. - Working knowledge of at least one AI development tool (e.g., Claude Code, GitHub Co-Pilot). - Portswigger Burp or similar. - Certifications such as Offsec OSCP & AWAE, GIAC, Burp Practitioner, PJPT, Microsoft/AWS development and cloud related are nice to have. - Experience with securing AI applications, systems, and AI tooling would be highly regarded. Benefits - Gain global experience across Australia, New Zealand, UK, and Canada. - Strong benefits package including: - Flexible Time Off with an encouraged 4 weeks use per year. - Company paid medical for you and eligible spouse/partner and dependents. - Paid dental and vision for you and eligible spouse/partner and dependents. - 401(k) with company matching. - Flexible Spending Account. - Up to 8 weeks paid parental leave. - Work-from-home stipend. - Work with (and learn from) an experienced, high-performing team. - A collaborative, team-oriented culture that embraces diversity, invests in development, and provides consistent feedback. - Be part of a fast-growing company that promotes high performers from within.