Senior Security Engineer

We’re on a mission to make good health last a lifetime. More than 1 billion people live with obesity worldwide, driving preventable chronic conditions. We’re here to build better long-term care.

Euc is the company behind Juniper, one of the world’s largest weight-management programs combining GLP-1 medication with personalised nutrition, movement support, and clinician-led care from prescribers, nurses, health coaches, pharmacists, and dietitians. Our published clinical research shows that our combined clinical and behavioural approach helps patients lose significantly more weight during their treatment with Juniper by four times.

• 130% YoY revenue growth and a 90% reduction in cash burn, with $100M+ raised from investors including BOND, NewView, Blackbird and Airtree.
• Supported over 350k patients living with obesity across our 5 markets
• Received selective NICE endorsement to provide services to the NHS.
• Tailored our offering to thousand of patients in Germany and Japan

As Senior Security Engineer you will join our Trust Team (IT, Cybersecurity, Infrastructure) at Eucalyptus and contribute to building a reliable and effective digital health platform. Reporting to the Security Engineering Manager, you will drive application and cloud security initiatives that enable innovation and protect the data of hundreds of thousands of patients.

You’re joining during a period of significant business transformation and international growth. Your first months will reflect that context: scaling security controls across new markets, partnering with product and engineering, and building guardrails and tooling as we adopt AI in engineering workflows.

• →Partner with engineering teams: Identify and prioritise security risks in products and features, facilitate threat modelling, and grow the engineering team’s security skills.
• →Identify and manage vulnerabilities: Perform security testing against our applications and cloud infrastructure to identify vulnerabilities. Work with teams across the business to manage vulnerability remediation.
• →Build internal security tooling: Develop security tooling and automations to shift security left and reduce manual review bottlenecks.
• →Manage and mature our security posture: Design and implement security controls across cloud platforms and applications.
• →Prepare for and respond to security incidents: Investigate alerts, maintain and evolve response playbooks, and lead cross-functional response when incidents occur.

• 5+ years of experience in security engineering, application security, software development, or a related engineering role.
• You are able to code effectively in at least one modern language (Python, Go, JavaScript, etc.).
• You have experience conducting security design reviews, threat modelling, and code reviews for web applications.
• Hands-on experience with designing, implementing and securing cloud-native systems and applications.
• Deep understanding of web application vulnerabilities, attack techniques and mitigation strategies.
• You have excellent written and verbal communication skills, particularly in explaining technical concepts to non-technical audiences.

• Experience working with security tools such as SAST, DAST, SCA, and container security scanners.
• Familiarity with security standards and privacy frameworks (e.g. ISO 27001, GDPR, Australian Privacy Act).

• Strong partnering skills. You build trusted relationships across engineering, IT and the business and thrive in collaborative, cross-functional environments.
• Pragmatic risk communicator. You frame security decisions in terms of business risk and trade-offs, not just technical severity. You know when to prioritise 'good enough now' over 'perfect later.'
• Problem-solving orientation. You approach challenges with creativity and persistence. You are comfortable with ambiguity, connect day-to-day work to larger objectives, and know when to simplify versus when to invest.
• Continuous learner. You are intellectually curious and humble. You actively seek new perspectives, adapt based on evidence, and embrace the learning curve of building across diverse health domains and markets.

• Real ownership and impact at scale. Own and drive security initiatives at the intersection of emerging technology, healthcare and global scale. Your work ships to production and has an impact in days, not weeks or months.
• We have a high performance culture. We have a high bar for talent, so you'll get to learn from some of the best engineers in the industry. Security here is about proportionate controls that keep teams moving - not tick-box gates.
• The environment you'll be securing. Frontend: React, React Native + Expo, TypeScript, Apollo, Tailwind. Backend: Node (TypeScript) and Go microservices, Federated GraphQL, gRPC, Protobufs, Pub/Sub and Postgres, hosted on GCP Kubernetes Engine (GKE).
• We'll invest in your growth, development and career. Get mentorship from leaders across Australia, the UK, Germany, and Japan, collaborate with teams in the Philippines and South Africa, and explore new markets or travel internationally. Every employee has a yearly Learning and Development budget for courses, books, conferences - anything to help you learn.

At Eucalyptus, we value individuals from all backgrounds, experiences, and perspectives, and we embrace the unique qualities each person brings. When you apply, please let us know of any reasonable adjustments you may need during the interview process.