Senior Security Engineer - Remote Opportunity

About the Role

We're looking for a Senior Security Engineer to help strengthen and scale Runware's security posture as we grow our AI inference platform and expand our enterprise customer base. This Senior Security Engineer remote role has clear ownership over security controls, compliance execution, and day-to-day security engineering, including driving SOC 2 and ISO 27001 compliance from end to end. You will work closely with engineering, infrastructure, and leadership to ensure security is built into how we design, build, and operate the platform.

What You'll Do

• Own and drive SOC 2 and ISO 27001 compliance, including control design, implementation, evidence collection, audits, and continuous improvement.
• Translate compliance requirements into practical, scalable engineering and operational controls.
• Partner with infrastructure and engineering teams to embed security into system design and delivery.
• Maintain and evolve Runware's security policies, standards, and risk register.
• Lead security reviews of systems, architectures, and changes with a focus on real-world risk.
• Support incident response, including investigation, containment, and post-incident learning.
• Improve security visibility across the platform (logging, monitoring, alerting, audit trails).
• Own vendor and third-party security assessments and questionnaires.
• Help establish and mature secure development practices (access control, secrets management, least privilege, change management).
• Act as a security mentor and point of reference for engineers across the organization.

Requirements

• Strong experience in security engineering, infrastructure security, or a closely related role.
• Proven, hands-on experience delivering SOC 2 and/or ISO 27001 in a production environment.
• Strong understanding of cloud security fundamentals (IAM, networking, encryption, key management).
• Experience working with modern cloud platforms, CI/CD pipelines, and containerized workloads.
• Ability to assess risk pragmatically and prioritize controls that actually reduce it.
• Experience responding to and managing security incidents in real systems.
• Comfortable working across engineering, product, and leadership stakeholders.
• Clear communicator, especially when explaining security trade-offs and decisions.
• Ability to operate independently and take ownership in a remote-first environment.

Nice to Have

• Experience securing high-performance or distributed systems.
• Familiarity with compliance tooling and evidence automation.
• Knowledge of infrastructure as code (Terraform, Pulumi, etc.).
• Experience with vulnerability management, penetration testing, or bug bounty programs.
• Background in startups or scaling companies.

What We Offer

• We're a remote-first collective, meeting in person twice a year to plan, brainstorm, celebrate wins, and enjoy some face-to-face time.
• Generous paid time off - vacation, sick days, public holidays.
• Flexible hours - own your schedule outside core collaboration blocks.
• Family leave - paid maternity, paternity, and caregiver time.
• Company retreats - twice-yearly gatherings in inspiring locations.