Senior Security Engineer (Cloud Security)

TL;DR

Senior Security Engineer (Cloud Security): Building and optimizing application and infrastructure security for an AI-powered health platform with an accent on Go services, AWS, and Kubernetes. Focus on hardening cloud-native environments, securing Istio service mesh, and implementing compliance-driven technical controls.

Location: Remote (Poland, Cyprus, Georgia, Portugal, Serbia, Armenia, Spain) or Hybrid (Limassol, Cyprus)

Company

An AI-powered health coaching app dedicated to helping millions lose weight sustainably through personalization and real-life support.

What you will do

• Own application security across the SDLC, including secure design reviews, threat modeling, and CI/CD-integrated scanning (SAST, SCA).
• Harden AWS and Kubernetes/EKS environments, focusing on IAM, network segmentation, and runtime security controls.
• Secure the Istio service mesh using mTLS, authorization policies, and ingress/egress controls.
• Build security guardrails as code, including policy-as-code and reusable templates for developers.
• Manage software supply-chain security via image signing, SBOMs, and secure build/release practices.
• Implement and operate technical controls for HIPAA and SOC 2 compliance.

Requirements

• 5+ years of experience in security engineering, cloud security, or software engineering with a strong security focus.
• Hands-on expertise in application security, including threat modeling and OWASP API Top 10.
• Production experience securing AWS and Kubernetes/EKS environments.
• Practical experience with Istio security in production-like environments.
• Strong coding ability in Go or Python for automation and tool building.
• Experience working within regulated environments such as HIPAA, SOC 2, or ISO 27001.

Nice to have

• Experience with supply-chain tooling such as Cosign, sigstore, or SBOMs.
• Background in offensive security, penetration testing, or bug bounty work.

Culture & Benefits

• Competitive salary package and stock options.
• 21 days of annual leave plus bank holidays.
• Flexible work arrangements: fully remote within specified regions or hybrid in Limassol.
• Provision of necessary hardware and equipment.
• A high-performance culture focused on data-driven decisions, ownership, and pushing technical limits.