Security Administrator

Shopfully is a platform turning browsing into shopping. We connect 200 million shoppers with deals while boosting local sales for top retailers and brands. We help consumers save time and money while supporting retailers in engaging customers from online research to in-store purchases.

We are looking for a highly skilled and motivated Security Administrator to become a foundational member of our new cybersecurity team. This is a unique opportunity to work directly with the Director of Information Security and play a key role in shaping and executing our cybersecurity strategy across the Flipp & Shopfully group. You will operate in a dynamic, fast‑paced, global environment, contributing to the creation of a mature and resilient security posture.

• Work closely with the CISO on the implementation and operation of core security tools and technologies (e.g., WAF, DDoS protection, security scanners, SIEM).
• Serve as the first point of contact (Tier 1) for user‑reported security issues and incidents.
• Collaborate with engineering teams to troubleshoot and resolve vulnerabilities identified during penetration tests and security assessments.
• Contribute to the design and deployment of a Zero Trust security model and mandatory 2FA implementation.
• Support the creation and rollout of a unified Information Security Policy and related guidelines.
• Conduct security assessments and due diligence on third‑party vendors as part of the Vendor Risk Management program.
• Collaborate with the Legal team on GDPR and DPO‑related activities.
• Partner with engineering and product teams to integrate security into the secure development lifecycle (SSDLC).
• Promote secure coding practices and assist developers in remediating application‑level vulnerabilities.
• Contribute to ongoing security assessments of our AWS cloud environment, including configurations, access controls, and overall security posture.
• Support the execution of the overall cybersecurity strategy and roadmap in alignment with business objectives.
• Perform risk assessments and help prioritize initiatives using a risk‑based approach.
• Act as a key partner to the CISO in day‑to‑day operations and special projects.

• 7–10 years of hands‑on experience in cybersecurity, ideally in fast‑paced, high‑growth, or startup‑like environments.
• Proven experience in IT security, including securing and managing AWS cloud environments.
• Demonstrated experience in managing security processes, with exposure to both GRC and Application Security domains.
• Excellent communication and interpersonal skills, able to collaborate effectively with engineering, legal, product, and leadership teams.
• Strong problem‑solving abilities, with a strategic mindset and the ability to execute tactically when needed.
• High sense of ownership, responsibility, and proactivity in addressing security challenges.
• Fluency in English; knowledge of Italian and/or German is a plus.
• (Nice to have) Bachelor’s degree in Software Engineering, Computer Science, or equivalent practical experience.
• (Nice to have) Relevant security certifications such as CISSP, CISM, CCNA, or equivalent.

While we have an office in Milan, you can benefit from our flexible hybrid model, empowering you to work where you’re most effective. Remote available from Italy. We provide all necessary equipment for you to work effectively and set up your workspace, wherever you are.

We offer a vibrant, inclusive work environment with autonomy, flexibility, and a hybrid work model. Learning opportunities, regular feedback sessions, central offices with snacks and coffee, team events (offsites, happy hours, company parties), and country‑specific benefits.

• Progress Over Perfection: We move forward, always. Momentum matters.
• Clarity Through Transparency: We work in teams, not silos. Transparency gives context.
• Learn Loudly: Growth by doing and daring.
• Challenge with Empathy: Speak up, listen deeply, build trust.
• Always Build Better: We are builders of better.