Governed, private, secure data access for ML and analytics
Security Lead
Location
Europe
Posted
3 days ago
Salary
0
Seniority
Lead
Job Description
Security Lead
Apheris
Role Description We are looking for a hands-on Security Lead with strong technical depth to define, operationalize, and scale Apheris’ security capabilities. You will own cloud and application security, incident response, IT and corporate security, and security tooling across our environment. You will collaborate closely with engineering, product, and leadership, ensuring that security is embedded throughout our systems, operations, and development processes. You will maintain and evolve the unified security control framework, build scalable security processes, and lead efforts to detect, respond to, and remediate threats. Your focus is on anticipating risks, enabling teams, and ensuring that security is a natural part of day-to-day work. If you thrive at the intersection of technical depth, operational excellence, and cross-functional collaboration, while also influencing architecture, processes, and culture, this role is for you. What you will do - Own cloud and application security, including AWS security architecture, IAM, network security, and secure configuration management. - Drive and continually improve application security practices, including secure coding guidance, threat modeling support, and automated security testing in the SDLC. - Lead the incident response program, including playbook development, on-call readiness, threat detection, and response coordination. - Manage vulnerability management processes, ensuring risks are identified, triaged, and remediated effectively with engineering teams. - Maintain and evolve security tooling, including monitoring, logging, SIEM/alerting, and secrets management. - Collaborate with engineering and platform teams to embed security considerations into design and architectural decisions. - Contribute to the unified control framework, ensuring strong security foundations for ISO 27001 and SOC 2. - Own corporate and IT security, including endpoint management (e.g., MDM), identity and access management, and oversight of the external IT provider. - Lead security reviews by our customers, acting as a confident, trusted partner to enterprise clients throughout their evaluation process. - Stay ahead of emerging threats, technologies, and best practices to continuously uplift Apheris’ security posture. Qualifications - A degree in computer science, engineering, or equivalent hands-on experience in technical roles. - 5+ years of experience in security engineering, cloud security, application security, or similar technical security roles. - Hands-on expertise with AWS security architecture, identity and access management, network security, and modern DevOps practices. - Experience implementing or supporting secure development lifecycle (SDLC) practices, collaborating closely with engineering. - Strong understanding of modern authentication, authorization, secrets management, and infrastructure-as-code security. - Demonstrated experience handling security incidents, vulnerability management, or threat detection. - Demonstrated experience with large-enterprise security and compliance expectations, including how major corporates conduct security reviews and vendor due-diligence processes. - Experience maintaining compliance programs such as ISO 27001 or SOC 2. - Ability to build strong relationships across engineering and influence secure design decisions. - A pragmatic, solution-oriented mindset that balances security, usability, and speed. - Experience mentoring team members and helping them grow their security skills. Nice to have - Experience acting as a Data Protection Officer or supporting regulation like GDPR. - Experience leading and developing teams, with the ability to mentor others and scale a security function in a fast-growing environment. - Understanding of pharma deployment environments and integrations with common R&D platforms (e.g., Schrödinger Live Design, Benchling). - Experience working in B2B SaaS environments, particularly with AI-powered or data-intensive products, and an understanding of the security considerations that come with them. - Experience working directly with external partners, customers, and users in fast-moving, high-stakes projects. What we offer you - Industry-competitive compensation, including early-stage virtual share options. - Remote-first working – work where you work best. - Wellbeing budget, mental health support, work-from-home budget, co-working stipend, and learning budget. - Generous holiday allowance. - Office Days at our Berlin HQ or a different European location (3x per year). - A high-caliber, execution-focused team with experience from leading organizations.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Game Security Team Lead
CoinPokerWhere Poker Meets Blockchain - CoinPoker, the Future of Online Gaming!
• Lead or supervise investigations involving: Multi-accounting, Account sharing, Identity abuse, Payment fraud, Bonus abuse, Bot activity, Automated gameplay, Exploitation of game mechanics, Match manipulation, Collusion between users, Coordinated abuse networks, Suspicious behavioural patterns, Abuse of promotions or platform features. • Conduct investigations using multiple data sources, behavioural analysis, transaction history, gameplay telemetry, device intelligence, and internal tooling. • Identify emerging fraud trends and new abuse methodologies. Recommend new detection rules and monitoring strategies. • Collaborate with data science and engineering teams to improve automated detection capabilities. • Provide operational feedback that improves platform integrity and customer experience. • Produce regular reporting covering: Investigation volumes, Fraud trends, Operational KPIs, Detection performance, Emerging threats, Quality assurance findings, Team productivity, Risk exposure.
Offensive Security Engineer
Sporty GroupOur mission is to build everyday entertainment platforms For Everybody.
• Monitor, map, and test Sporty’s entire external attack surface, including all Sporty Group external domains, subdomains, websites, and public IP addresses. • Conduct adversary emulation exercises against internal and office endpoints to validate the effectiveness of EDR, XDR, and SOC monitoring platforms. • Evaluate the security posture of physical office hardware, corporate network equipment, and internal edge infrastructure. • Perform scoped offensive testing on external-facing web applications and limited, public-facing API endpoints. • Translate external discovery, DNS security posture, network access control weaknesses, and EDR emulation findings into repeatable defensive checks. • Support our Purple Team validate that EDR policies, perimeter controls, firewall rules, and network segmentation work as expected. • Document multi-stage network or system exploitation chains to provide practical, reproducible remediation blueprints for infrastructure and SOC teams. • Support IT and Network analysts with clear vulnerability descriptions, triage steps, severity logic, and escalation guidance. • Improve external asset tracking, perimeter health records, and exposure trend mapping. • Track external vulnerability gaps, emulation success rates, remediation times, asset health, and perimeter exposure.
Manager, Security Advisory – Compliance
IntegrisOur company works as an extension of your team, providing you with smarter solutions, while putting people first.
• Directly manage and mentor the Security Advisory & Compliance Associates, Consultant, and Sr. Consultant roles. • Set clear performance expectations, conduct regular 1:1s, and complete performance reviews. • Support career development, skill progression, and certification attainment across the Security Advisory & Compliance team. • Ensure appropriate workload distribution, capacity planning, and role alignment. • Oversee delivery of all Security Advisory & Compliance services, including audits, risk assessments, policy development, roadmap execution, and vCISO-aligned engagements. • Ensure Security Advisory & Compliance deliverables meet Integris quality standards, SLAs, and client expectations. • Act as an escalation point for complex client issues, delivery risks, or scope challenges. • Partner with Service Delivery and Security Operations leadership to ensure alignment across teams. • Establish and enforce standardized Security Advisory & Compliance methodologies, templates, workflows, and documentation standards. • Review and approve high-impact deliverables, including strategic roadmaps, executive reports, and policy frameworks. • Ensure audit-readiness, defensibility, and consistency across all GRC engagements. • Drive continuous improvement of Security Advisory & Compliance processes, tooling usage, and reporting practices. • Define and evolve the Security Advisory & Compliance service catalog, delivery models, and engagement structure. • Identify opportunities to mature offerings, improve efficiency, and enhance client value. • Partner with leadership on service pricing, packaging, and scalability considerations. • Support sales and pre-sales efforts through solution design, scoping, and subject-matter expertise as needed. • Support or lead executive-level client interactions, including escalations and strategic discussions. • Ensure consistent, high-quality executive communication across QBRs, reports, and advisory engagements. • Maintain strong relationships with key stakeholders to reinforce Integris trusted advisor role. • Provide oversight of vulnerability management, incident governance, and remediation prioritization practices. • Ensure client risk decisions, policy approvals, and governance actions are documented and defensible. • Track and manage Security Advisory & Compliance team performance against KPIs, SLAs, and utilization targets. • Ensure accurate time tracking, documentation, and reporting across the team. • Maintain required training and certifications as defined by management.
Role Description We are seeking an experienced Senior Network Security Engineer to support a 3-month remote engagement focused on network security operations, primarily within Fortinet environments. The ideal candidate combines strong core networking fundamentals with hands-on security operations experience and deep, practical expertise across the Fortinet Security Fabric. - Manage, monitor, and maintain network security infrastructure with a focus on Fortinet solutions (FortiGate, FortiManager, FortiAnalyzer, FortiSwitch/FortiAP as applicable) - Perform day-to-day security operations: firewall policy management, VPN configuration and troubleshooting, traffic analysis, and incident response support - Design, implement, and maintain routing, switching, and network segmentation configurations in coordination with the client's network team - Monitor security events and logs, triage alerts, and escalate/respond to incidents per client protocols - Conduct firewall rule audits, policy optimization, and security posture reviews - Support patching, firmware upgrades, and change management processes for Fortinet devices - Troubleshoot complex network and security issues across LAN/WAN, VPN, and perimeter security layers - Document configurations, standard operating procedures, and incident reports - Collaborate with client stakeholders remotely, ensuring clear communication and timely delivery within the project's operational hours Qualifications - Minimum 5–7 years of experience in network engineering and security operations - Strong hands-on experience with Fortinet products (FortiGate firewalls mandatory; FortiManager/FortiAnalyzer strongly preferred) - Solid grounding in core networking: TCP/IP, routing/switching, VPN (IPsec/SSL), DNS, and network segmentation - Practical security operations experience: log analysis, incident triage, firewall policy management - Fortinet certification(s) required — NSE 4 minimum; NSE 5–7 strongly preferred - Proven ability to work independently in a remote capacity with minimal supervision - Strong documentation and communication skills, including comfort working with Arabic and/or English-speaking stakeholders as needed



