Senior Security Engineer

Gelato has created the world's largest global network for on-demand production of custom products - from t-shirts and mugs to books and wall art. We empower a new generation of ecommerce entrepreneurs to share their creativity worldwide while embracing local, sustainable production. By producing locally and perfectly matching supply with demand, we eliminate waste and reduce carbon emissions.

At Gelato, we don't own production facilities - we build the software that connects them. With over 140 production partners in 32 countries, our network can deliver custom products to five billion people in just 72 hours. It's smarter, faster, and greener.

With GelatoConnect, our SaaS platform, we're driving innovation in print production. GelatoConnect simplifies operations for print producers by automating procurement, workflows, and logistics into one seamless system. By boosting efficiency and cutting costs, it helps businesses scale to meet market demands. With GelatoConnect, we're reshaping the print industry to be more efficient, sustainable, and profitable.

Following our global expansion, we are looking for a passionate Senior Security Engineer to join our effort of protecting Gelato and, most importantly, our customer's data.

We are looking for a person who wants to make the Gelato platform safer for millions of users around the world. We'd love to talk to you if you're a talented individual who is passionate about finding security weaknesses and crafting scalable and usable solutions. We are enablers who make it easier for engineers to create secure‑by‑design services, not blockers.

Reporting directly to the Head of Information Security, you will work closely with Product Managers and Tech Engineers.

• Collaborate closely with Product Design and Software Engineering to align with security features, roadmaps and ensure timely delivery.
• Identify vulnerabilities and develop innovative, scalable solutions to enhance our defense‑in‑depth strategy. This involves conducting vulnerability scans and penetration testing.
• Promote a security‑conscious culture by educating all Gelato employees on security best practices.
• Monitor and respond to security incidents, including the regular analysis of potential threats.
• Identify, document and measure security risk, effectively communicate these risks to senior leadership, and influence remediation plans.
• Participate in an on‑call rotation to provide timely response and escalation for security incidents outside of business hours, ensuring continuous protection and monitoring coverage.
• Develop, tune, and maintain security monitoring and detection systems (IAM, SIEM, SOAR, WAF, EDR) to identify suspicious activity, anomalies, and potential threats.
• Manage the full vulnerability management lifecycle, including identification, prioritisation, remediation tracking, and verification of closure.
• Contribute to security architecture reviews and the design, deployment, and hardening of security controls across infrastructure, cloud, and applications.
• Introduce automation and orchestration to streamline detection, response, and compliance activities through scripting (Python, PowerShell, Bash).
• Support governance and compliance activities such as audit preparation, evidence collection, and control testing against frameworks like ISO27001, SOC 2, NIST CSF, and CIS Controls.
• Hands‑on experience designing and implementing secure AWS cloud architectures.
• Integrate AI and LLM technologies into daily security workflows to automate repetitive analysis, improve threat detection, and support rapid incident response.

• A degree (Master's is a plus) in Computer Science, a similar technical field of study, or equivalent practical experience
• Broader certification coverage, including CISSP, CISM, GIAC (GCIH, GCIA, GCFA), CCSP, or equivalent advanced credentials.
• 7+ years of experience in cybersecurity, with at least 3 years in hands‑on incident response, detection, or vulnerability management roles.
• Proven experience with SIEM, WAF, IAM, SOAR, EDR, and vulnerability management tools.
• Cloud security specialisation, ideally with certifications such as AWS Security Specialty
• Demonstrated expertise in incident response, including investigation, containment, and coordination across cross‑functional teams.
• Embraces an AI‑first mindset, leveraging AI and LLM tools to drive efficiency and innovation in daily work.
• Strong crisis management and communication skills, able to remain composed under pressure and communicate clearly with both technical and non‑technical stakeholders.
• Good understanding of implementation requirements for ISO27001 and/or SOC2.
• Strong practical automation and scripting capabilities using Python, PowerShell, or Bash to enhance detection and response efficiency.
• Experience designing and implementing production services, APIs, or security‑specific libraries.
• Familiarity with cloud solutions, including AWS and GCP, and prior experience with tools like Cloudflare, ELK stack, and Burpsuite Professional, as well as scripting and programming skills, are required.
• Strong strategic thinking, planning, and organisational skills.
• Fluency in English with excellent verbal and written communication abilities is a mandatory requirement.

We are a customer‑obsessed team with the ambition to change the world by connecting technology to the printing industry and making it much more sustainable. Everyone who joins our team must feel genuinely intrigued and motivated by our mission. We expect a lot. We are a driven team with big goals, so we seek individuals who are genuinely passionate about their work and possess an entrepreneurial spirit. Our culture is unique and we live by our values, so it's worth learning more about our culture and how we work before presenting your application.

At Gelato, we pride ourselves on our global presence with 14 offices worldwide, fostering a dynamic and diverse work environment. Rooted in a culture that values collaboration, creativity, and camaraderie, we actively cultivate a company culture that thrives on shared experiences. We encourage team members to embrace this culture by working from our inspiring office spaces at least three days a week, allowing for meaningful connections and collective growth.

Lastly, we ask that you please upload your CV in English, regardless of which country you are applying from.