Instacart invites the world to share love through food. This is how homemade is made.
Senior Product Security Engineer
Location: Canada
Posted: 3 days ago
Salary: $196K - $207K / year
Seniority: Senior
Job Description
Instacart
- Design and conduct offensive security operations / engagements for product and internal tools across Instacart.
- Deploy and operationalize a variety of open-source and commercially available security tools that can scale out and be maintained long term.
- Collaborate with cross-functional teams, including engineering and product, to integrate security testing into their SDLC cycle.
- Share knowledge and mentor other team members, promoting a culture of continuous learning and growth.
Job Requirements
- 7+ years of experience in Security Engineering or Penetration Testing, demonstrating a strong grasp of product security concepts and principles
- Experience in mobile app penetration testing, AI security testing or cloud penetration testing
- Experience with threat modeling, security assessments, product security concepts, and security architecture reviews
- An ability to make data-driven decisions & prioritize initiatives that improve key security metrics
- An ability to balance a sense of urgency with shipping high-quality and pragmatic solutions
- Solid self-management and organizational skills
- In-depth knowledge of the best remediation techniques for different application vulnerabilities and the ability to explain them to product teams
- An ability to create written work products and detailed technical documents to work effectively with cross-functional teams and drive alignment on security objectives and plans.
Benefits
- Highly market-competitive compensation
- New hire equity grant
- Annual refresh grants
More Security Engineer Jobs
Role Description
At Doppel, we focus on building a culture where people feel respected, supported, and trusted to do meaningful work. We value clarity, collaboration, and solving real problems for our customers and teammates.
We’re looking for a Product Security Engineer to support and scale our product and cloud security efforts by embedding into engineering workflows and serving as a subject matter expert for GCP. The role partners closely with engineering teams to conduct architecture reviews, facilitate threat modeling, and support penetration testing engagements from scoping through remediation. This position contributes to the design and implementation of least-privilege IAM, helps build and maintain security guardrails through policy and infrastructure-as-code, and ensures security issues are effectively triaged, tracked, and resolved in collaboration with stakeholders. In addition to hands-on execution, the role emphasizes enablement: providing guidance, documentation, and mentorship to engineers, along with clear communication and reporting to security leadership.
This role is open remotely across the U.S. and Canada.
What You Will Do
- Partner with product and engineering teams to support security architecture reviews for product features and the GCP environment; facilitate threat modeling and document risks, existing controls, and actionable recommendations.
- Coordinate and support penetration testing engagements by assisting with vendor selection and scoping, establishing rules of engagement, coordinating testing activities, validating findings, supporting severity assessment, and tracking remediation and retesting in collaboration with engineering teams.
- Serve as a GCP security subject matter expert for project teams, advising on secure patterns across networking (VPC, private access, perimeter controls), data protection (KMS, secrets), compute runtimes (GKE, Cloud Run, GCE), CI/CD (Cloud Build, Artifact Registry), and logging and monitoring.
- Support the implementation and ongoing improvement of least-privilege IAM in GCP by advising on role design (custom vs. predefined), service account lifecycle management, workload identity, IAM Conditions, organization and folder policy constraints, and periodic access reviews.
- Assist with triage and routing of product security findings to appropriate engineering owners; help tune detection rules to reduce noise, support severity and SLA definition, and track remediation progress, including documenting justified exceptions.
- Contribute to security guardrails through policy and infrastructure-as-code (e.g., org policies, constraints, reusable Terraform modules, admission or policy controllers) and support integration of pre-merge security checks into CI/CD workflows.
- Develop and maintain practical documentation and runbooks (e.g., design review checklists, IAM standards, exception processes) and deliver targeted enablement sessions for engineers and product managers.
- Provide visibility into progress and risk through metrics and regular status updates to security leadership; proactively surface blockers and suggest options and tradeoffs.
- Coach and mentor engineers and code owners on secure-by-default coding practices and architectural patterns.
Qualifications
- 5–7 years of experience in product security, cloud security engineering, or a related field.
- Strong knowledge of Google Cloud Platform (GCP) services and security best practices, including IAM, networking, data protection, and workload runtimes.
- Hands-on experience with penetration testing coordination, threat modeling, and risk assessment.
- Demonstrated proficiency in Python and cloud-native programming or scripting languages to design and maintain security automation, policy enforcement, and continuous compliance controls using Infrastructure as Code.
- Familiarity with designing and enforcing least-privilege IAM and conducting access reviews.
- Ability to communicate security risks and recommendations clearly to engineering and leadership audiences.
Benefits
- $175,000 - $200,000 USD
- Meaningful equity so you share in Doppel’s success
- Remote first culture with flexibility built in
- Flexible PTO, comprehensive health benefits, parental leave, and more
- A high growth environment where your work has immediate impact and visibility
Salary Range: $175,000 - $200,000 USD
- The Security Manager will be responsible for ensuring that DSV's transportation and logistics operations are in compliance with security regulations and requirements.
- Develop and implement security policies and procedures to ensure compliance with regulations and requirements.
- Take responsibility for coordinating the company’s response to any theft or breach of security in a cross functional manner.
- Conduct site security assessments to identify potential risks and vulnerabilities.
- Collaborate with the operations team to develop and implement security solutions that meet customer requirements.
- Conduct security training for DSV employees and contractors.
- Manage security incidents and investigations, including reporting to relevant authorities and customers.
- Stay up-to-date with security regulations and requirements and provide feedback to the management team.
- Conduct security audits and risk assessments of suppliers and vendors.
- Support the Business Development Function as it relates to new Business.
- Maintain relationships with regional law enforcement bodies to benefit from crime intelligence.
- Build and contribute to secure-by-default protections across the stack (cloud, CI/CD, applications, and endpoints) by creating paved roads and guardrails that make the secure path the easy path within your problem space
- Provide practical security guidance on new products and technologies, recommending secure-by-default patterns that fit into existing workflows
- Help secure SeatGeek's use of AI — from LLM-assisted development to AI-powered product features — by building guardrails and reviewing for risks like prompt injection, sensitive-data exposure, and insecure model and tool integrations
- Contribute to design reviews and threat modeling for high-impact features and services; surface risks early and help ensure mitigations are designed in
- Build security tooling that prevents issues at build/deploy time and helps automate detection and response in production
- Improve our detection and incident response capabilities — raise signal quality, tune detections, and implement automated responders that reduce manual toil and time to contain
- Partner with engineering and business teams on cross-functional security work: endpoint and device trust, identity and email protections, security awareness and training, vendor reviews and risk assessments, and supporting compliance efforts (e.g., PCI/SOX)
- Protect SeatGeek from abuse and bots at the edge and app layers through layered defenses and tuning
- Contribute to security incidents and tabletops, including writing incident reviews; help improve runbooks, processes, and stakeholder communications afterward
- Advocate for strong secure coding practices and contribute to a pragmatic, positive security culture across your team and partner teams
Security Operations Engineer (She/He/They)
Capco
Capco, a Wipro company, is a management & technology consultancy dedicated to the financial services & energy industries
CAPCO POLAND
*We are looking for a Poland-based candidate.
Capco is a fully independent, global management and technology consultancy. For 25 years we have combined innovative thinking with deep industry knowledge to deliver business consulting, digital transformation and technology services to Finance and Energy markets. Our collaborative and efficient approach helps clients reduce costs and manage risk and regulatory change while increasing revenues. We are thinkers, innovators, and disruptors. We are small enough to care but large enough to matter.
We are seeking a highly skilled Security Operations Engineer to support the expansion of a strategic security program focused on onboarding critical applications into enhanced monitoring capabilities. In this role, you will play a key part in building and optimizing SIEM detection capabilities, supporting threat verification, and enabling regulatory alignment with DORA (Digital Operational Resilience Act) requirements by the end of 2026. You will work at the intersection of SIEM engineering, threat modelling, and security operations, contributing directly to improving detection accuracy and strengthening overall security posture.
Key Responsibilities:
- Detection Engineering: Design, build, and optimize SIEM detection rules (with a focus on Microsoft Sentinel)
- Testing & Automation: Develop and execute test cases for detection logic; automate validation processes using scripting
- Application Onboarding: Support onboarding of critical applications into the security monitoring ecosystem
- Requirements Gathering: Collaborate with application teams to define logging requirements and detection use cases
- Workshop Facilitation: Lead and moderate workshops with stakeholders to align on threat scenarios and security capabilities
- Technical Documentation: Produce clear and comprehensive documentation covering detection logic, threat models, and validation results
- Collaboration: Work closely with SOC, engineering, and red teams to enhance alert fidelity and incident response effectiveness
- Compliance Delivery: Contribute to threat verification and ensure deliverables meet ALaM program and DORA milestones
Required Skills and Experience:
- SIEM Expertise: Hands-on experience with SIEM platforms (strong preference for Microsoft Sentinel)
- Detection Engineering: Proven track record in creating, tuning, and testing detection rules
- Scripting & Automation: Proficiency in Python, PowerShell, Bash, or similar for automation use cases
- Communication: Strong English communication skills with the ability to confidently lead stakeholder workshops
- Technical Knowledge: Understanding of cloud (Azure, AWS), operating systems (Windows, Linux), and database environments (SQL, Oracle)
- Autonomy: Ability to work independently in a dynamic, high-volume onboarding environment
Technology Stack
- SIEM & Security: Microsoft Sentinel
- Cloud & Infrastructure: Azure, AWS, Windows, Linux, SQL, Oracle
- Scripting & Automation: KQL, Python, PowerShell, Bash
Nice to have:
- Experience in threat modelling and defining threat profiles
- Familiarity with DORA or other regulatory frameworks in financial services
We have been informed of several recruitment scams targeting the public. We strongly advise you to verify identities before engaging in recruitment-related communication. All official Capco communication will be conducted via a Capco recruiter.
We offer a flexible collaboration model based on a B2B contract, with the opportunity to work on diverse projects.



