Senior Security Engineer

We are looking for a T-shaped Senior Security Engineer with strong depth in application security and cloud-native infrastructure security. You will work hands-on across Go services, AWS, Kubernetes/EKS, Istio, CI/CD, and compliance-driven technical controls to make security part of how we build, deploy, and operate software.

This is an engineering-first security role. You should be comfortable moving across the stack - from code review and threat modeling to IAM, Kubernetes policy, service mesh security, and secure delivery pipelines - while going deepest on application security and cloud security.

Our main application stack is written in Go.

What you’ll do:

• Own and improve application security across the SDLC, including secure design reviews, threat modeling, security-focused code review, and CI/CD-integrated SAST, SCA, and secrets scanning.

• Harden our AWS and Kubernetes/EKS environment, including IAM, network segmentation, workload identity, secrets management, admission control, and runtime security controls.

• Secure and improve our Istio service mesh, including mTLS, authorization policies, ingress/egress controls, and service-to-service security patterns.

• Build security guardrails as code, including policy-as-code, paved-road patterns, reusable templates, and self-service tooling that helps developers move quickly and safely.

• Improve software supply-chain security through controls such as image signing, SBOMs, dependency visibility, artifact provenance, and secure build/release practices.

• Drive vulnerability management end to end: triage, exploitability-based prioritization, remediation coordination with SRE and product engineering, and follow-through on penetration test findings.

• Build and operate technical controls that support HIPAA and SOC 2, including access control, encryption, audit logging, evidence automation, and secure handling of sensitive health data.

• Help shape the full lifecycle of security services, from design and deployment to operation, measurement, and continuous improvement.

What we’re looking for:

• 5+ years of experience in security engineering, cloud security, application security, or software engineering with a strong security focus.

• Strong hands-on application security experience, including threat modeling, secure code review, API security, and OWASP API Top 10 risks.

• Production experience securing AWS and Kubernetes/EKS environments.

• Hands-on experience with Istio security in production or production-like environments.

• Strong coding ability in Go or Python. You are comfortable building tools, automation, and integrations when needed.

• Experience with CI/CD security and infrastructure as code, such as Terraform, ArgoCD, or GitOps workflows.

• Experience with Kubernetes policy and networking tools such as Kyverno, OPA, Cilium.

• Ability to translate security, privacy, and compliance requirements into practical technical controls.

• At least one experience working with regulated environments such as HIPAA, SOC 2, or ISO 27001.

• Ownership mindset: you can take a project from concept through rollout and operational maturity.

• Strong written and spoken English.

• Experience with any of the following is a plus: Supply-chain security tooling such as Cosign, sigstore, SBOMs, or image signing. Offensive security experience, penetration testing, or bug bounty work.

Perks and Benefits:

• Competitive salary package commensurate with experience, plus stock options.

• The equipment you need to do your job.

• 21 days annual leave, plus bank holidays.

• Office in Limassol (Hybrid Work Format) or Remote Option for Candidates Residing Outside of Cyprus.

About our values:

• Think deeper: We understand that in order to grow we need to make all our decisions reality-based and change our opinion based on what we learn. We appreciate data coming in various forms – quantitative and qualitative, feedback from users and colleagues, and strong and weak signals.

• Focus on impact: Results and speed matter. When we are competing to become an A-player in the digital health market, we don’t have the luxury of deliberation. We need to make decisions and changes quickly and, swiftly learn from our mistakes.

• Take ownership: We seek to improve all facets of our company even in ways beyond our job description. We seek and take responsibility for our actions and their impact.

• Push the limits: We encourage our team to explore new ideas, challenge conventional thinking, and continuously improve work.

• Be a Championship Team: As a part of the championship team, you must improve your own performance constantly also know your teammates, their talents and skills and be focused on a common goal and how to achieve it together.