We provide the DevOps automation platform built to empower developers. From cloud infrastructure provisioning to production deployment, our platform streamlines every step, enabling faster delivery, simplified workflows, and significant time savings.

We're scaling, and we are looking for our Product Security & Compliance Engineer.

🎯 Why This Role is Important:

Security and compliance aren’t just checkboxes; they’re core to the experience we deliver to our users. 

In this role, you’ll work at the intersection of product, infrastructure, and compliance. You’ll ensure we meet the highest security standards (SOC2, ISO, DORA...) and embed those same principles directly into our product, enabling secure-by-default experiences for all our customers.

🧩 What Will Your Job Look Like:

• Own our compliance roadmap: Lead and maintain initiatives for SOC2, DORA, ISO 27001, and more, ensuring we stay ahead of evolving standards.

• Build security into the product: Design and implement security controls directly within our infrastructure platform, keeping security seamless and low-overhead for users.
• Drive technical security ops: Define best practices for patch management, system updates, and infrastructure security. Partner with R&D teams to embed these practices into their workflows.
• Automate code & vulnerability reviews: Set up tools and processes to detect CVEs and enable fast, reliable patching across our codebase and dependencies.
• Implement security tooling: Deploy and manage security monitoring, logging, and alerting solutions. Guide engineering teams in integrating and following these tools.
• Lead customer security reviews: Handle security questionnaires, assessments, and audits for prospects and customers.
• Manage audits & risk: Run regular security audits, coordinate with third-party auditors, and manage tools like Vanta to automate compliance workflows.
• Create clarity: Document policies, create security playbooks, and run training sessions to keep the team informed and aligned.
• Be our incident response lead: Take the reins when incidents happen, drive response efforts, and lead post-incident reviews.

🛠 About You:

• Strong experience with compliance frameworks like SOC2, ISO 27001, DORA
• Solid background in cloud infrastructure security (AWS, GCP, Azure, Kubernetes, containers, IDS, WAF, DDoS protection, SSL/TLS, etc.)
• Comfortable with system-level security and patch management
• Ability to read code, understand development workflows, and implement security tooling
• Familiar with tools like Vanta, AWS Security Hub, Renovate, SIEMs, vulnerability scanners
• Strong communication skills: able to collaborate with technical teams and explain security requirements clearly
• A mindset for automation and scale: experience with Infrastructure as Code and security automation is a plus
• Comfortable with languages like Rust, Kotlin, Go, or similar
• Fluent in English (written and spoken)

🎯 What You’ll Get at Qovery:

• Competitive Compensation with Equity
• Attracting benefits package
• A flexible work environment with a fully remote environment
• Continuous learning and professional development opportunities
• An authentic company culture with a focus on collaboration and innovation

💥 Our Talent Acquisition Process:

We’ve designed a streamlined process to ensure a great candidate experience. Typically, it takes 3-4 weeks:

1. Screening with Marie (45 min to 1h)
2. Technical Deep Dive: A 60-minute deep dive into your tech skills and collaboration experience.
3. A product and Production statements interview (45 min to 1h)
4. Case Study Presentation to showcase your ability to make structured answers, product vision, habits on security concerns and tool deployments
5. Final Round: Meet with a co-founder and leadership to discuss alignment with Qovery’s values and mission.
6. Reference Checks: Validate performance, integrity, and alignment with our needs.

We’re committed to keeping you informed throughout the process, ensuring a smooth and transparent experience.