Security Engineer

Masabi

📍Remote - Spain

Summary

Join Masabi, a global leader in fare payment technology, as a Security Engineer. You will play a crucial role in shaping the future of security at Masabi, building robust controls, reducing risk, and supporting global compliance. This role involves close collaboration with various teams to maintain and improve compliance posture (PCI DSS, ISO 27001, SOC 2), run vulnerability management and security tooling, and support audits and client commitments. You will report to the Senior Director of Corporate IT, Compliance, and Customer Success. This is a highly collaborative role blending technical expertise with process improvement, ideal for a curious, empathetic, and detail-oriented individual. Masabi offers a supportive and inclusive work environment with various benefits.

Requirements

  • Hands-on experience in security engineering, compliance, or risk management
  • Comfortable working with PCI DSS, ISO 27001, SOC 2 and security audits
  • Solid understanding of vulnerability scanning, pen testing, and cloud environments
  • Familiar with risk assessments, mitigation strategies, and patching workflows
  • Able to write clear documentation, reports, and policies
  • Collaborative, curious, proactive, and always looking for ways to improve
  • Comfortable working independently in a remote-first environment

Responsibilities

  • Own and improve security controls aligned with PCI DSS, SOC 2, and ISO 27001, supporting audits and recertifications
  • Ensure we stay audit-ready with control testing, documentation, and remediation
  • Partner with internal teams and auditors to manage evidence collection and compliance outcomes
  • Manage and track contractual security obligations, flagging any billable work
  • Lead risk assessments, identify control gaps, and recommend mitigation strategies
  • Manage the lifecycle of security policies and standards, making sure they’re practical, up-to-date, and embedded across teams
  • Stay ahead of regulatory changes and industry trends to proactively adjust our security approach
  • Own our vulnerability scanning and triage process, prioritising risks and working with teams to close gaps within SLAs
  • Coordinate and follow up on bi-annual penetration tests
  • Monitor CVEs and evaluate impact across cloud infrastructure and code dependencies
  • Oversee patching compliance and ensure SSL certificates are up-to-date
  • Automate scanning, reporting, and risk scoring wherever possible
  • Own the lifecycle of security incidents, from detection and response to lessons learned
  • Maintain up-to-date incident response plans aligned with compliance standards
  • Implement and optimise tools to detect, prevent, and mitigate potential threats
  • Lead regular security reviews across cloud environments and code repositories
  • Track key risk indicators (KRIs) and report on security metrics to leadership
  • Support the completion of RFPs and customer security questionnaires

Benefits

  • 23 days holiday per year plus the Christmas Shutdown (another 3-4 days)
  • Private healthcare
  • Up to €1000 training budget per year
  • €200 to spend on your home office
  • Choice of workstation
  • Menopause support
  • Ability to work for up to 3 months per year from any country in the world. Certain limitations may apply
