




Summary: Seeking a hands-on Senior Security Engineer to drive security transformation, implement controls, respond to incidents, and build a security program from the ground up for a rapidly scaling tech platform.

Highlights:

1. Build security from the ground up
2. Directly protect ~10 million users' personal data
3. Foster a security-first culture

#### **We are bsport. The place to be!**

bsport is an all-in-one platform combining boutique fitness and advanced technology. Our platform helps partners manage their bookings, payroll, marketing and more, to streamline operations and boost their commercial success.

Since we launched in 2019, we've achieved remarkable growth:

* Built a community of over 10 million users
* Closed a €30 million Series B in December 2024
* Grown to over 200 employees across Europe

We're scaling rapidly to become the #1 tech partner for boutique studios in Europe and beyond. With this growth comes the critical need to strengthen our security posture, protect our users' data, and build a security-first culture across the organization.

#### **The role: building Security from the ground up**

We're looking for a **hands-on Senior Security Engineer** who will be the driving force behind bsport's security transformation. This is not a purely strategic role - you'll be rolling up your sleeves to implement security controls, respond to incidents, and build our security program from fundamentals. We need someone who can immediately reduce our exposure to data leaks, phishing, and unauthorized access while building sustainable security practices that scale with our growth.

**This role is critical because:**

* You'll directly protect ~10 million users' personal data
* You'll enable our sales team to confidently answer security questionnaires as we pursue enterprise clients
* You’ll work in the SRE team, with close collaboration with SWE teams and exposure to most if not all department leaders
* You'll reduce business risk in a fast-scaling environment where security incidents can damage trust and revenue

#### **What you'll do**

##### **Hands-on Security Engineering (60% of your time)**

**Immediate priorities (first 3-6 months):**

* **Harden our AWS infrastructure and application security**
  + Audit and improve IAM configurations and policies
  + Enhance WAF rules to block sophisticated attacks
  + Implement automated security scanning in CI/CD pipelines (SAST/DAST)
  + Work with the SRE team to secure our Kubernetes clusters and container images
  + Drive and maintain state-of-the-art security posture across backend, frontend, and user data management in collaboration with SWE teams, ensuring best-in-class protection for our systems and users.
* **Strengthen authentication infrastructure and identity management**
  + Deploy and configure email security solutions within existing Google Workspace
  + Deploy and enforce strong authentication methods across the organization's applications and services (SSO, MFA)
  + Create automated alerting for suspicious behavior patterns using Grafana/ELK
* **Establish vulnerability management**
  + Set up automated vulnerability scanning for infrastructure and applications (leveraging open-source tools as much as possible)
  + Create a prioritised remediation workflow integrated with the engineering team's sprint cycles
  + Implement dependency scanning for our Python/Django backend and React frontend
  + Expand secrets detection coverage
* **Incident response and monitoring**
  + Design and implement security alerting using our existing Grafana/ELK stack
  + Create runbooks for common security incidents (data leaks, phishing, unauthorized access)
  + Respond to security incidents and conduct post-incident reviews
  + Handle customer security inquiries and support sales with security questionnaires

##### **Security Culture & Training (40% of your time)**

**Build security awareness across 200 employees:**

* **Design and deliver security training programs**
  + Create engaging, practical security training for all employees
  + Develop role-specific training (engineering, sales, customer success, operations)
  + Run simulated phishing campaigns and use results to improve training
  + Conduct quarterly security awareness sessions
* **Hardware and endpoint security management**
  + Define and enforce security standards for employee devices (Mac, Linux, Windows)
  + Work with IT/HR to ensure secure device provisioning using Primo
  + Implement endpoint protection and mobile device management policies
  + Create security baseline configurations for different roles
  + Manage device lifecycle security (onboarding, off-boarding, lost/stolen devices)
* **Security champion network**
  + Identify and train security champions in each department
  + Create self-service security documentation and guidelines
  + Foster a culture where security is everyone's responsibility, not a blocker
* **Policy and governance**
  + Develop pragmatic security policies that balance security with business needs
  + Create incident response procedures that the entire company understands
  + Establish a security review process for vendor and third-party tools
  + Maintain security documentation and update it as we scale

#### **Who you are**

##### **Must-have experience**

* **5+ years in security engineering, infrastructure security, or security software engineering roles**
* **Strong hands-on experience with AWS or GCP security** (IAM, security groups, WAF, etc.)
* **Deep understanding of application security** (OWASP Top 10, secure coding, API security)
* **Experience building security programs from scratch** in fast-growing startups or scale-ups
* **Proven track record in incident response** and handling data breach scenarios
* **Good programming skills** (at least one of Python, TypeScript, Golang)
* **Experience with infrastructure security** (Kubernetes, container security, IaC security)
* **Prior experience training employees on Security**

##### **Strong bonus points**

* Experience with GDPR compliance and data protection regulations
* Background in penetration testing or offensive security
* Familiarity with our tech stack (Django, React, PostgreSQL, Terraform)
* Experience responding to security questionnaires for enterprise sales
* SOC2 or ISO27001 implementation experience

##### **Technical environment**

* AWS
* Infrastructure as Code: Terraform, Helm
* Container orchestration: Kubernetes, Docker
* Monitoring: Grafana, ELK stack
* Backend: Python Django, FastAPI, Celery
* Frontend: React, TypeScript (mono-repos, module federation)
* Databases: PostgreSQL, Redis, RabbitMQ, Kafka
* CI/CD: GitLab CI, ArgoCD

Diversity is one of our most valuable assets, and we are committed to fostering an inclusive environment where everyone can contribute their best work. We welcome applicants from all backgrounds, identities, and experiences to help us build a more inclusive, equitable team. If you’re excited about this role but don’t meet every qualification, we encourage you to apply - curiosity, adaptability, and a willingness to learn are just as important to us as specific skills.

**What We Offer**

We believe great work comes from happy, supported people - that’s why we offer meaningful perks designed to promote balance, growth, and connection.

**Attractive compensation package** Competitive salary packages based on your experience and role.

**Work-Life harmony** Hybrid model with remote days to support balance and flexibility.

**Work from anywhere** Enjoy up to 15 days of remote work from abroad each year.

**Private health insurance** We offer fully-funded Alan private health coverage so you can focus on what matters most.

**Exclusive fitness perks** Stay active with a specially discounted DIR gym membership.

**Diverse fun loving team** Multicultural colleagues, after-work events, team-building & more.


