SHORTList

Senior Security Engineer

JOB INFO

Apply

Apply for this job directly on SHORTList.

Referral

Share your custom referral link for this job with qualified candidates. Earn the referral you lead to a hire.

COMPANYLegora

The role: At Legora, we prioritise security. Always. We are looking for Application Security Engineers who can think like an attacker, build like a developer, and operate like an SRE. In this role you will work across our whole tech stack, from our Azure cloud infrastructure, JavaScript and Python services, to our AI integrations and workflows. Your goal is to ensure everything we ship and build is secure-by-default and resilient to evolving threats. At Legora we don't believe that “shifting left” is sufficient, our goal is to build a secure and resilient ecosystem for our engineers so that they can build tomorrows features with confidence and speed. *This is a Stockholm-based, 5-day in-office role, we believe building together in person drives better outcomes.

What you will be doing:

  • Embed security into our software development lifecycle; conduct design reviews, threat modelling, and secure code reviews for our JavaScript and Python codebases.
  • Architect and implement security controls for our cloud infrastructure, ensuring Zero Trust principles in across our networks, identities, and service-to-service communication.
  • Build and maintain secure-by-default tooling, templates, and guardrails for our developers.
  • Ensure our AI workflows and pipelines are secured and resilient against prompt injection, data leakage, and abuse.
  • Develop and maintain vulnerability management pipelines, triaging and driving fixes with engineering teams.
  • Automate security processes in CI/CD, including secret scanning, artifact signing, and policy-as-code checks.
  • Partner with our information security team to ensure compliance and automate evidence collection efforts.

Who you are:

  • Experience with Security Engineering or Product Security roles
  • Able to produce production grade code.
  • You understand Zero Trust architecture
  • You have experience with secure SDLC practices, application security testing, and vulnerability management.
  • You thrive in cross-functional work, explaining security risks to engineers, influencing design choices, and collaborating to deliver secure features on time.