Security Engineer

At Masabi, we're driving the fare payment revolution, powering the journeys of millions all over the world. We build fare collection platforms that allow riders to seamlessly buy and present tickets for public transport either on their mobile phones, from a ticket machine, or even by tapping their bank card to travel.

Our Justride platform is used in over 250 locations globally, including some of the largest cities in the world. With our industry-first mobile ticketing SDK, we've partnered with large players in the transport space, including Uber, Moovit and Transit.

Your own journey is important to us too. Choosing a role here means joining a network of innovators from all walks of life; a group of passionate individuals who consistently deliver. Here, you'll find the tools you need to build the career you want. Whether you're taking the direct route or trying a new path, we'll support you no matter what.

Job Description

The Role

As we continue to grow, ensuring the security and integrity of our platform is more important than ever. We're looking for a Security Engineer to help shape the future of security at Masabi, someone who's excited to build robust controls, reduce risk, and support our global compliance journey.

You'll work closely with teams across the business to maintain and improve our compliance posture (PCI DSS, ISO27001, SOC2), drive vulnerability management and security tooling, and support audits and client commitments. This is a highly collaborative role that blends technical insight with process improvement, ideal for someone who's curious, empathetic, detail-oriented, and ready to make a positive impact.

You'll report directly to the Senior Director of Corporate IT, Compliance, and Customer Success.

Responsibilities

Compliance & Security Controls

• Own and improve security controls aligned with PCI DSS, SOC 2, and ISO 27001, supporting audits and recertifications
• Ensure we stay audit-ready with control testing, documentation, and remediation
• Partner with internal teams and auditors to manage evidence collection and compliance outcomes
• Manage and track contractual security obligations, flagging any billable work
• Lead risk assessments, identify control gaps, and recommend mitigation strategies
• Manage the lifecycle of security policies and standards, making sure they're practical, up-to-date, and embedded across teams
• Stay ahead of regulatory changes and industry trends to proactively adjust our security approach

Vulnerability Management

• Own our vulnerability scanning and triage process, prioritising risks and working with teams to close gaps within SLAs
• Coordinate and follow up on bi-annual penetration tests
• Monitor CVEs and evaluate impact across cloud infrastructure and code dependencies
• Oversee patching compliance and ensure SSL certificates are up-to-date
• Automate scanning, reporting, and risk scoring wherever possible
• Own the lifecycle of security incidents, from detection and response to lessons learned
• Maintain up-to-date incident response plans aligned with compliance standards
• Implement and optimise tools to detect, prevent, and mitigate potential threats
• Lead regular security reviews across cloud environments and code repositories
• Track key risk indicators (KRIs) and report on security metrics to leadership
• Support the completion of RFPs and customer security questionnaires

Qualifications

About You

• Hands-on experience in security engineering, compliance, or risk management
• Comfortable working with PCI DSS, ISO 27001, SOC 2 and security audits
• Solid understanding of vulnerability scanning, pen testing, and cloud environments (AWS)
• Familiar with risk assessments, mitigation strategies, and patching workflows
• Able to write clear documentation, reports, and policies
• Collaborate, curious, proactive, and always looking for ways to improve
• Comfortable working independently in a remote-first environment

Additional Information

Some of our benefits

• 23 days holiday per year plus the Christmas Shutdown (another 3-4 days)
• Up to €1000 training budget per year
• 200 to spend on your home office
• Choice of workstation
• Ability to work for up to 3 months per year from any country in the world. Certain limitations may apply