Security Engineer - hybrid (2 days/month) in Kraków, Gdańsk or Warsaw

Department: Engineering

Location: Kraków

• Take ownership of security controls across our AWS infrastructure - ensuring we scale securely, stay compliant, and move fast without compromising trust.
• Optimize edge protection with Cloudflare - tuning WAF, rate limiting, and bot detection rules to keep millions of users safe and systems performant.
• Embed security into how we build - working shoulder-to-shoulder with engineers to integrate checks and policies into CI/CD, and automate enforcement.
• Run threat modeling and vulnerability assessments that drive real change, not just paperwork - prioritizing risks and delivering fixes that matter.
• Lead the charge when it counts - detect and respond to security incidents, reduce response time, and continuously improve tooling and readiness.
• Champion security across the company - through training, documentation, and clear guidance that empowers teams to build securely by default.
  
  

• Strengthen our cloud security posture by working on optimizing security controls across our infrastructure.
• Raise the bar for application security - hardening APIs and critical web surfaces against common and emerging threats.
• Embed additional automated security gates into CI/CD to further enhance code and application security.
• Build and launch new security automations, streamlining detection and response workflows to cut manual effort and boost visibility.

• 4+ years of hands-on experience as a Security Engineer, delivering real impact in cloud-native, fast-moving environments.
• Deep expertise in securing AWS environments, plus strong instincts for what matters in production.
• Strong practical experience with WAFs, Zero Trust, and security rule tuning.
• Confident working across the SDLC, owning CI/CD security, managing secrets, mitigating supply chain risks, and integrating SAST/DAST tools.
• Hands-on experience with Infrastructure as Code (IaC) (Terraform) and cloud-native tooling.
• Fluent in automation, scripting with Python, Go or others to scale defenses and reduce manual work.
• Solid grasp of compliance landscapes (ISO 27001, GDPR, SOC 2) without losing sight of practicality.
• Communicate clearly across all levels, from devs to leadership, and elevate teams through training, guidance, and collaboration.
  
  

• Culture of Autonomy: No micromanagement, no politics. Just builders building.
• Growth Investment: Dedicated learning days, personal development plans, internal workshops, mentorship, and language classes.
• Live well: Life/health insurance, private healthcare, wellbeing access (Mindgram), gym card.
• Flexible Work: Choose contract type (B2B or employment), hybrid setup (2 days/month in office), 2 weeks work-from-anywhere, plus flexible benefits to choose from (gym card, various subsidies).
• Stay connected: Annual travel allowance, team days, company events.
• Tech you need: MacBook and top-tier tools from day one.
• Extra perk: Unlimited, free access to AirHelp’s services – for you and your loved ones.