Security Lead
Apheris
Seniority
Senior
Model
In-Office
Sector
Salary
Undisclosed
Contract
Full-Time
Hands-on Security Lead to define, operationalize, and scale Apheris' security capabilities. You will own cloud and application security, incident response, IT and corporate security, and security tooling across the environment. You will collaborate closely with engineering, product, and leadership, ensuring that security is embedded throughout systems, operations, and development processes.
What you'll do
- Own cloud and application security, including AWS security architecture, IAM, network security, and secure configuration management.
- Drive and continually improve application security practices, including secure coding guidance, threat modeling support, and automated security testing in the SDLC.
- Lead the incident response program, including playbook development, on-call readiness, threat detection, and response coordination.
- Manage vulnerability management processes, ensuring risks are identified, triaged, and remediated effectively with engineering teams.
- Maintain and evolve security tooling, including monitoring, logging, SIEM/alerting, and secrets management.
- Collaborate with engineering and platform teams to embed security considerations into design and architectural decisions.
- Own corporate and IT security, including endpoint management, identity and access management, and oversight of the external IT provider.
- Lead security reviews by customers, acting as a confident, trusted partner to enterprise clients throughout their evaluation process.
What you'll need
- A degree in computer science, engineering, or equivalent hands-on experience in technical roles.
- 5+ years of experience in security engineering, cloud security, application security, or similar technical security roles.
- Hands-on expertise with AWS security architecture, identity and access management, network security, and modern DevOps practices.
- Experience implementing or supporting secure development lifecycle (SDLC) practices, collaborating closely with engineering.
- Strong understanding of modern authentication, authorization, secrets management, and infrastructure-as-code security.
- Demonstrated experience handling security incidents, vulnerability management, or threat detection.
- Experience maintaining compliance programs such as ISO 27001 or SOC 2.
- A pragmatic, solution-oriented mindset that balances security, usability, and speed.
Nice to have
- Experience acting as a Data Protection Officer or supporting regulation like GDPR.
- Experience leading and developing teams, with the ability to mentor others and scale a security function in a fast-growing environment.
- Understanding of pharma deployment environments and integrations with common R&D platforms.
- Experience working in B2B SaaS environments, particularly with AI-powered or data-intensive products.
What they offer
- Industry-competitive compensation, including early-stage virtual share options
- Remote-first working
- Wellbeing budget, mental health support, work-from-home budget, co-working stipend, and learning budget
- Generous holiday allowance
- Office days at Berlin HQ or different European location (3x per year)
- High-caliber, execution-focused team with experience from leading organizations

