Security Engineer

Laravel is a globally distributed software company behind one of the world’s most popular web application frameworks. Our tools and platforms help millions of developers build, deploy, and maintain modern web applications. We focus on thoughtful engineering, developer experience, and building products that are reliable, secure, and a pleasure to use.

At Laravel, security is not a gatekeeping function; it’s an enabling one. We build tools and platforms used by millions of developers worldwide, and we take seriously the trust they place in us. We’re looking for a Security Engineer to help us strengthen that trust by improving how we secure our infrastructure, applications, and operations as we continue to scale.

This role is ideal for someone who enjoys working close to production systems, collaborating with engineers, and solving real-world security problems pragmatically. You’ll help ensure our products and internal systems are secure, compliant, and resilient, all without slowing teams down.

Description of the Role

As a Security Engineer, you’ll be part of Laravel’s Security & Compliance function within Engineering, reporting to Kevin Mitsch. This is a hands-on role with broad scope, spanning cloud and SaaS security, vulnerability management, compliance support, security operations, and developer enablement.

You’ll work closely with engineering, product, and operations teams, acting as a trusted partner who helps embed security into everyday workflows rather than bolting it on after the fact.

Your 12-Month Mission

Imagine we’re all at a Laracon in 12 months’ time, and we’re talking about you being an amazing hire, and everything that you have done:

Within your First 30 Days
You’ve learned Laravel’s systems, products, and security landscape, built strong working relationships, and identified the most important risks and opportunities.

By Day 60
You’re delivering visible wins - improving access controls, tightening configurations, reducing known vulnerabilities, and supporting audits or compliance requirements with confidence.

By Day 90 You’re driving meaningful progress on larger initiatives: strengthening cloud security posture, improving vulnerability management workflows, and helping teams ship more securely by default.

And at the end of Year One
You’re a trusted security partner across the company - known for your sound judgment, calm handling of sensitive issues, and ability to balance security, reliability, and developer velocity.

What You Will Do

• Own security operations across cloud infrastructure, SaaS platforms, and internal systems
• Strengthen cloud and infrastructure security, including identity, access control, network controls, logging, and data protection
• Identify, prioritize, and remediate vulnerabilities using scanning, monitoring, and reporting tools
• Partner with engineering teams on application and platform security, threat modeling, and secure configuration
• Support compliance efforts across frameworks such as ISO 27001, SOC 2, PCI-DSS, HIPAA, and GDPR
• Manage and collaborate on bug bounty and security research, triaging findings and supporting remediation
• Respond to security and privacy requests, including abuse reports, phishing, DMCA takedowns, and GDPR requests
• Automate wherever possible, improving security processes through scripting, CI/CD, and infrastructure-as-code

Requirements

Requirements - What You Will Bring

• Experience in security operations, information security, or application security engineering
• Practical experience securing cloud environments (AWS preferred) and SaaS platforms
• Strong understanding of web application security, secure development practices, and OWASP Top 10
• Familiarity with security and privacy frameworks such as ISO 27001, SOC 2, HIPAA, GDPR, and NIST
• Ability to work across teams, communicate clearly, and take ownership of outcomes
• Comfort operating in ambiguous situations and applying judgment where playbooks don’t exist
• Experience with the Laravel framework and ecosystem is a significant plus.

Requirements - Bonus Skills

• Experience building security automation and operational tooling
• Familiarity with CI/CD pipelines and infrastructure-as-code
• Hands-on experience with bug bounty programs
• Security certifications such as CISSP, CCSP, or similar
• A degree in Cybersecurity or a related discipline

Location

Fully remote, EU Based

Benefits

• Small tight-knit team where every developer counts
• Fully remote and globally distributed working environment
• Option to attend Laracon conferences around the world
• Health care plan (Medical, Dental & Vision)
• Paid time off (Vacation, Sick & Public holidays)
• Family leave (Maternity, Paternity)
• Pension plans (As locally applicable)
• Performance based bonus plan
• Company equity