Introduction

At Qdrant, security is not just a checkbox; it is a core feature of our high-performance vector database.

Tasks

As our Security Officer, you will be the strategic lead and technical executor of our security posture. You will bridge the gap between high-level compliance (SOC 2, GDPR, HIPAA, …) and deep-tier engineering. Your mission is to further evolve and scale our security culture with the existing "Security Champions" program while remaining hands-on with architectural risk assessments and Cloud infrastructure hardening. You aren't just managing a backlog — you are building the foundation that allows Qdrant to scale safely.

• Backlog & Strategy: Own and prioritise the Security Backlog, translating high-level threats and compliance needs into actionable engineering requirements for the development teams.
• Security Champions Program: Lead and evolve our existing Security Champions initiative, mentoring engineers to perform internal security reviews and ensuring security is a distributed responsibility rather than a bottleneck.
• Architectural Risk Management: Conduct formal Architectural Risk Assessments on critical components (e.g., Cloud RBAC, JWT, Inference) to ensure security is "baked-in" during the design phase of the SDLC.
• Compliance & Audits: Maintain our "always-audit-ready" status using Drata and HeyData. You will oversee annual SOC 2 audits, GDPR requirements, and drive our OWASP SAMM roadmap toward a maturity score of 1.0.
• Multi-Cloud Security Governance: Oversee security posture management across AWS, GCP, and Azure; leading technical compliance audits and implementing automated identity and access management (IAM) to ensure infrastructure resilience.
• Vulnerability Management & Pentesting: Manage the bi-annual penetration testing lifecycle, coordinate with external security researchers (Bug Bounty Program), and ensure timely remediation of findings in coordination with the development teams.
• Sales & Growth Support: Act as the subject matter expert for customers, completing detailed security questionnaires and ensuring our marketing vendor ecosystem remains compliant.

Your profile

Candidates must demonstrate a mastery of European regulatory landscapes; this geographical preference is based on the technical requirements of the role rather than citizenship.

Requirements

Must-have

• Experience: 5+ years in Security Engineering, DevSecOps, or as a Security Officer in a cloud-native SaaS environment.
• Cloud Proficiency: Technical knowledge of AWS, GCP, Azure (IAM, Multi-AZ architectures, Trusted Advisor, etc.).
• Regulatory & Policy Fluency: Practical experience maintaining SOC 2 Type II, HIPAA, and GDPR. You can architect a unified security policy framework that satisfies multiple compliance standards simultaneously, reducing operational overhead for the engineering team.
• Risk Assessment Skills: Ability to perform threat modeling and architectural risk classification on complex distributed systems.
• Communication: Strong stakeholder management skills; you can advocate for security resources during quarterly capacity planning and explain P0 risks to leadership.
• Self-Starter: The ability to move from "reading the exact policy" to "investigating the code" to provide an informed response to technical queries.

Nice-to-have

• Familiarity with the OWASP SAMM framework.
• Experience using automated compliance tools like Drata or Vanta.
• Background in Rust or high-performance database environments.
• Professional certifications such as CISSP, CISA, or CCSP (Certified Cloud Security Professional), or advanced security-focused certifications from major cloud providers (e.g., AWS Certified Security – Specialty, Azure Security Engineer, or Google Professional Cloud Security Engineer).
• Experience navigating the AWS Foundational Technical Review (FTR).

Benefits

Location

This role is remote and open to candidates located in Europe.

• Competitive salary, equity, and benefits
• Fully remote setup with flexible working hours
• Clear ownership of reliability and operational excellence
• Opportunity to work on mission-critical customer-facing infrastructure
• Strong collaboration with platform and engineering teams

If you enjoy de-risking complex cloud architectures and scaling security through a culture of shared responsibility and technical rigor, we’d love to hear from you.