Senior Security Engineer (Zürich /San Francisco)

As our first dedicated Senior Security Engineer, you’ll have a significant impact at a rapidly growing startup. We’ve built a small security program including SOC2 certification, but it’s time for someone dedicated to lead that. Your role will vary, from implementing security monitoring tools to promoting IaC best practices to conducting risk assessments and ensuring compliance – you will get to draw on your full set of skills and develop new ones.

Locations: Senior Security Engineer (Zürich /San Francisco)

About Lakera

Lakera is on a mission to secure the era of intelligent computing. We are heading towards a future where AI-powered applications take center stage. Here at Lakera, we're not just dreaming about the future; we're building the security foundation for it. We empower builders, giving them the confidence to navigate this new dynamic landscape and unleash the next phase of innovation. 

We work with Fortune 500 companies, startups, and foundation model providers to protect them and their users from adversarial misalignment. We are also the company behind Gandalf, the world’s most popular AI security game. If you're eager to be part of a team that's not just keeping pace but setting the pace, Lakera is the right place for you. Let's shape the future together.

What You’ll Do

• Securing our cloud infrastructure
  • Design and implement a secure architecture for our cloud infrastructure (AWS) that follows industry and IaC best practices.
  • Select and maintain our security tools stack.
  • Implement and maintain secure access to our cloud infrastructure.
  • Implement security monitoring tools to detect and respond to security events in real time., either through third-party tools or custom scripts.
• Identity Management
  • Implement an identity management solution for secure RBAC to all our infrastructure
  • Ensure the IAM solution strikes the right balance between automation, security, and frictionless work.
• Champion secure development practices
  • Educate developers on security best practices.
  • Conduct code reviews of Terraform scripts and high-risk segments of application code.
• Vulnerability and risk assessments
  • Conduct regular assessments of which of our assets are at risk.
  • Perform penetration testing to simulate cyberattacks (or work with external parties). 
  • Collaborate with DevOps to introduce DevSecOps best practices.
• Incident Response
  • Put in place comprehensive EDR tooling and continue to ensure our endpoints and infrastructure are well-protected
  • Develop and manage our incident response plans and related policies.
  • Investigate security incidents, analyze root causes, and recommend corrective actions.
• Compliance, audits, and requests
  • Ensure regulatory compliance from a security perspective to SoC2, ISO27001, GDPR, and HIPAA.
  • Help in preparing for external audits.
  • Help in answering security-related questions as part of procurement processes.
• Cross-team collaborations
  • Collaborate with anyone from top-level management to engineering, to IT on our internal security posture.
  • Collaborate with the product team, to help us shape the AI Security landscape.
  • Participate in our InfoSec research of LLM applications.

What You’ll Bring

• You are a battle-hardened security engineer with 5+ years of experience in a security role and an excellent overview of the threat landscape.
• You are comfortable with Infrastructure as Code (Terraform, CloudFormation).
• You are comfortable with Python (or Node.js) and Bash to develop custom scripts to automate tooling, check infrastructure configurations, and log analysis. 
• You have 3+ years of experience working on AWS with a solid understanding of AWS security best practices, experience with other cloud platforms is a bonus.
• You have worked in a fast-growing startup or scale-up before.
• Your role will be cross-functional, collaborating with top-level management, engineering, and IT, so you have to be an excellent communicator.
• You’re comfortable evaluating new tools and vendors to find the right fit for our company today and where we will be in the future. 

👉 Let's stay connected! Follow us on LinkedIn, Twitter & Instagram to learn more about what is happening at Lakera.

ℹ️ Join us on Momentum, the slack community for AI Safety and Security everything.

❗To remove your information from our recruitment database, please email privacy@lakera.ai.