Laravel is a globally distributed software company behind one of the world's most popular web application frameworks. Our tools and platforms help millions of developers build, deploy, and maintain modern web applications. We focus on thoughtful engineering, developer experience, and building products that are reliable, secure, and a pleasure to use.

At Laravel, security is not a gatekeeping function; it's an enabling one. We build tools and platforms used by millions of developers worldwide, and we take seriously the trust they place in us. We're looking for a Security Engineer to help us strengthen that trust by improving how we secure our infrastructure, applications, and operations as we continue to scale.

This role is ideal for someone who enjoys working close to production systems, collaborating with engineers, and solving real-world security problems pragmatically. You'll help ensure our products and internal systems are secure, compliant, and resilient, all without slowing teams down.

Description of the Role

As a Security Engineer, you'll be part of Laravel's Security & Compliance function within Engineering, reporting to Kevin Mitsch. This is a hands-on role with broad scope, spanning cloud and SaaS security, vulnerability management, compliance support, security operations, and developer enablement.

You'll work closely with engineering, product, and operations teams, acting as a trusted partner who helps embed security into everyday workflows rather than bolting it on after the fact.

Your 12-Month Mission

Imagine we're all at a Laracon in 12 months' time, and we're talking about you being an amazing hire, and everything that you have done:

Within your First 30 Days

You've learned Laravel's systems, products, and security landscape, built strong working relationships, and identified the most important risks and opportunities.

By Day 60

You're delivering visible wins - improving access controls, tightening configurations, reducing known vulnerabilities, and supporting audits or compliance requirements with confidence.

By Day 90

You're driving meaningful progress on larger initiatives: strengthening cloud security posture, improving vulnerability management workflows, and helping teams ship more securely by default.

And at the end of Year One

You're a trusted security partner across the company - known for your sound judgment, calm handling of sensitive issues, and ability to balance security, reliability, and developer velocity.

What You Will Do

Own security operations across cloud infrastructure, SaaS platforms, and internal systems

Strengthen cloud and infrastructure security, including identity, access control, network controls, logging, and data protection

Identify, prioritize, and remediate vulnerabilities using scanning, monitoring, and reporting tools

Partner with engineering teams on application and platform security, threat modeling, and secure configuration

Support compliance efforts across frameworks such as ISO 27001, SOC 2, PCI-DSS, HIPAA, and GDPR

Manage and collaborate on bug bounty and security research, triaging findings and supporting remediation

Respond to security and privacy requests, including abuse reports, phishing, DMCA takedowns, and GDPR requests

Automate wherever possible, improving security processes through scripting, CI/CD, and infrastructure-as-code

Requirements

Requirements - What You Will Bring

Experience in security operations, information security, or application security engineering

Practical experience securing cloud environments (AWS preferred) and SaaS platforms

Strong understanding of web application security, secure development practices, and OWASP Top 10

Familiarity with security and privacy frameworks such as ISO 27001, SOC 2, HIPAA, GDPR, and NIST

Ability to work across teams, communicate clearly, and take ownership of outcomes

Comfort operating in ambiguous situations and applying judgment where playbooks don't exist

Experience with the Laravel framework and ecosystem is a significant plus.

Requirements - Bonus Skills

Experience building security automation and operational tooling

Familiarity with CI/CD pipelines and infrastructure-as-code

Hands-on experience with bug bounty programs

Security certifications such as CISSP, CCSP, or similar

A degree in Cybersecurity or a related discipline

Location

Fully remote, EU Based

Benefits

Small tight-knit team where every developer counts

Fully remote and globally distributed working environment

Option to attend Laracon conferences around the world

Health care plan (Medical, Dental & Vision)

Paid time off (Vacation, Sick & Public holidays)

Family leave (Maternity, Paternity)

Pension plans (As locally applicable)

Performance based bonus plan

Company equity