Senior Security Engineer

As a Senior Security Engineer, you will own the security architecture and enforcement across our infrastructure. Our infrastructure relies heavily on a Linux ecosystem, and as we scale our cloud footprint and AI initiatives, this layer is becoming increasingly security-sensitive. You will be embedded directly with the teams operating these systems, bridging the gap between high engineering velocity and secure-by-design architecture. Your core mandate is to protect production, harden our Linux environments, establish AI guardrails, and build secure access patterns without creating  process overhead. This role will report to the Sr Director, Infrastructure and Networking and will be a hybrid role based out of Banja Luka, Bosnia. 

• →Linux Hardening & Threat Detection: Secure our underlying Linux infrastructure and container runtimes. Deploy, tune, and manage our SIEM for continuous threat detection, file integrity monitoring, and host-based intrusion detection (HIDS) across our fleet.
• →Identity & Access Control: Design and enforce secure access patterns. Ruthlessly eliminate shared accounts, long-lived credentials, and overly broad permissions across the organization.
• →Cloud & Infrastructure Governance: Own the security posture across our cloud environments. Implement secure infrastructure-as-code practices using Terraform and Terraform workflow.
• →AI & Agentic System Security: Establish infrastructure-level guardrails for AI tooling and agentic systems, including tool permission boundaries, secrets exposure prevention, data egress controls, audit logging, approval workflows for sensitive actions, and controls against prompt-injection-driven misuse of internal systems.
• →Secure CI/CD & Supply Chain: Protect our production deployment paths against supply-chain attacks.
• →Policy-as-Code & Preventive Guardrails: Build and maintain automated security controls into Terraform, Terraform Workflow, Git repository, and CI/CD workflows.
• →Vulnerability Management: Drive faster CVE response times and vulnerability closures across our infrastructure. Reduce the ad hoc security burden currently spread across the engineering team.
• →Incident Response & Compliance: Serve as the clear owner for external security reports, responsible disclosures, and audits, reducing the ad-hoc burden on the broader engineering team.
• →Work closely with the Platform Engineering Services Team regarding Kubernetes, Container & Runtime Security: Own security controls for containerized and cloud-native environments, including image hardening, runtime detection, network policies, workload identity, and secure container build standards.
• →Work closely with all Engineering teams in eliminating security threats.

• Bachelor's degree in Computer Science, Cyber Security or similar technical field of study or equivalent practical experience
• Proven experience as a Security Engineer, with a minimum of 5 years working in a cyber security focused role 
• Deep Linux Expertise: Extensive experience securing, hardening, and operating Linux-based infrastructure and containerized environments
• Cloud-Native Security: Experience securing Kubernetes or similar orchestration platforms, container images, runtime behavior, service mesh or network policies, and workload identity patterns.
• Identity-First Security: Strong understanding of SSO, MFA/passkeys, RBAC, just-in-time access, privileged access management, OIDC federation, and elimination of static credentials.
• Policy-as-Code: Ability to translate security requirements into automated controls.
• SIEM & Endpoint Security: Hands-on experience configuring and maintaining SIEM for centralized logging, vulnerability detection, and active response.
• Cloud & IaC Proficiency: Hands-on experience architecting security in mainstream cloud environments, and deep familiarity with Terraform, Ansible, and Git.
• AI Security Awareness: Practical understanding of LLM and agentic AI risks, including prompt injection, excessive agency, tool abuse, data leakage, insecure plugin/tool integrations, and secure approval boundaries.
• Security Ownership: Comfortable defining security metrics, driving remediation across teams, prioritizing risk pragmatically, and communicating trade-offs clearly to engineering leaders.
• Pragmatic Approach: You focus on automated guardrails, robust monitoring, and secure default paths rather than manual checklists and roadblocks.