Emporix is an AI-driven Autonomous Commerce Execution Platform that gives enterprises full control over how their commerce works. It orchestrates operations end-to-end - so companies can scale faster, respond smarter, and deliver better customer experiences. We are looking for a skilled Security Engineer to join our team in Poland, with hands-on experience in cloud security and a pragmatic approach to finding and fixing real problems. This is not a consulting engagement - you'll conduct a thorough technical security audit and then stay with us to remediate every finding you uncover. You'll work closely with our engineers, shaping security practices from the ground up.
You can work from our modern office in Gliwice or remotely from anywhere in Poland, with a visit to the office at least once per month to meet the team.
What You'll Be Doing
Security Audit & Assessment
Conduct a comprehensive internal security audit of our GCP infrastructure, GKE clusters, Apigee API gateway, and MongoDB Atlas deployments
Review network architecture, IAM policies, secrets management, and workload isolation across all environments
Assess API security: authentication flows, rate limiting, token scoping, and gateway policies in Apigee
Audit GKE hardening: RBAC, pod security standards, node pool configuration, admission controllers, and container image supply chain
Identify and prioritise vulnerabilities, misconfigurations, and compliance gaps with clear severity ratings
Remediation & Hands-On Fixes
Implement fixes directly - not just write reports - including Infrastructure as Code changes (Terraform / Helm), policy updates, and pipeline security gates
Analyse root causes of security gaps and implement long-term structural improvements
About You
You have 4+ years of experience in security engineering, cloud security, or DevSecOps
You are comfortable working hands-on with Cloud Providers and have audited managed Kubernetes environments
You have solid knowledge of Kubernetes security: RBAC, Pod Security Standards, network policies, and OPA/Gatekeeper
You understand API security deeply - preferably with Apigee or a comparable gateway
You know how to secure Cloud Managed NoSQL databases: access controls, encryption, and audit logging
You can write and review Terraform or Helm charts to implement your own fixes
You have a strong grasp of OAuth 2.0, JWT, mTLS, and secret lifecycle management
You communicate effectively in both Polish and English (minimum B2 level)
You are a self-starter who takes ownership of findings and sees them through to resolution
Bonus Points (What Else Might Help You Succeed?)
GCP Professional Security Engineer or CKS (Certified Kubernetes Security Specialist) certification
Experience with SAST/DAST tooling such as Semgrep, Trivy, or OWASP ZAP
Familiarity with headless commerce architectures
Knowledge of ISO 27001 or SOC 2 compliance requirements
Bug bounty or penetration testing background
Why You'll Love It Here
Meaningful Impact: Your work will directly shape the security posture of a cutting-edge commerce platform used by global enterprises - from finding the first issue to shipping the fix.
Hands-On Ownership: This is not a reporting role. You audit, you fix, you monitor. If you want to see the direct results of your work, this is the place.
Collaborative Culture: Work with experienced engineers in a supportive environment that values knowledge sharing and practical solutions over bureaucracy.
Flexible Work Setup: Enjoy a remote/hybrid work model that promotes flexibility and personal well-being while encouraging meaningful team connections. Meet in our Gliwice office at least once a month.
Come as you are: We are building an AI-driven future for commerce, and that requires a variety of perspectives. Emporix is an equal opportunity employer where your skills and pragmatic approach are what matter most. We encourage candidates of all genders and backgrounds to apply. Even if you don't check every single box, but you are passionate about security and making systems genuinely safer, we'd love to meet you.