Security Engineer

About the Role and Team

As a Security Engineer, you’ll join our Security function and work closely with Platform Engineers, development teams, Legal, IT, Trust & Safety teams to ensure the protection of our platform, our users, and their data. You’ll help build and maintain a strong security foundation across our systems — including our emerging use of AI — making security a natural part of how we design, build, and operate at scale.

In this role, you’ll operate in a highly collaborative, engineering-driven environment where security is a shared responsibility. You’ll combine hands-on technical work with cross-functional partnership, enabling secure product development, guiding teams through best practices, and helping Catawiki maintain user trust while continuing to grow securely and responsibly in an AI-enhanced environment.

What You’ll Do

• Identify, assess, and remediate security vulnerabilities across applications, infrastructure, internal services, and AI/ML pipelines.
• Conduct secure code reviews, threat modeling, and security assessments for new features, architectural changes and legacy components.
• Implement and maintain secure storage mechanisms, encryption practices, secrets management, and key management solutions.
• Define, document, and enforce security policies, standards, and best practices throughout the software development lifecycle (SDLC), including AI-related data handling and model governance.
• Collaborate closely with Platform Engineers to integrate security into CI/CD pipelines, infrastructure-as-code, runtime environments.
• Work with Legal, IT, Trust & Safety teams to ensure compliance, support investigations, manage security requirements.
• Participate in incident response — investigate security events, triage issues, support remediation, and strengthen preventive controls.
• Raise security awareness across the company by providing guidance, training, and proactive support for secure development, AI safety, and system design.
• Contribute to long-term security strategy by evaluating emerging threats — including those involving AI — identifying opportunities for automation, and recommending new tools or processes.
  
  

Who You Are

• You have development experience in Ruby, Python, or a similar language, and you’re comfortable reviewing and contributing to backend codebases.
• You bring 3+ years of hands-on security engineering experience, ideally in a cloud-based or high-traffic environment.
• You understand application, infrastructure, and AI/ML security principles, and you can navigate risk within data pipelines and model-driven systems.
• You have strong knowledge of secure coding practices and common vulnerabilities (OWASP, SANS) across both traditional and AI-enabled services.
• You’re experienced with secure code reviews, threat modeling, and designing practical and scalable mitigations.
• You have a solid understanding of cryptography, encryption, key management, secrets handling, and secure data storage.
• You’re familiar with integrating security into modern SDLC practices — including pipelines, IaC, cloud-native environments, and emerging AI workflows.
• You communicate clearly and collaborate effectively with engineering and non-engineering teams..
• You’re proactive, curious, and comfortable driving initiatives that strengthen our long-term security posture.