Senior Security Engineer

Our Mission

The way businesses buy stuff is completely broken. Whether it’s SaaS, hardware, or contractors, the average B2B purchase takes over 3 months, requires 50+ emails, and involves multiple different stakeholders (IT, Legal, InfoSec, Finance, etc.). No one likes the way it is and it’s slowing businesses down.

Omnea’s platform handles the entire purchasing process: giving employees an easy place to make requests (Intake), managing the necessary approvals for the purchase to be made (Approvals Engine), and automating all renewals management & supplier risk assessments. Omnea gives both buyers, and finance & procurement leaders critical visibility into how, when, and why money is being spent.

Given the current market's increased focus on capital efficiency, there has never been a more vital time for businesses to use Omnea and get control of their spend. This is why we're one of the fastest growing Series A B2B businesses in Europe, backed by tier-1 VCs like Accel, First Round, & Point Nine.

Welcome to Spend Control 2.0 — built for tougher times.

What we're looking for

We’re hiring at both Level 3 (Senior) and Level 4 (Lead). For calibration, candidates typically bring 5+ years of deep security engineering experience in high-growth, cloud-native SaaS environments - but we care more about impact than years.

You’ll be the first dedicated security specialist on the team, partnering with product engineers, GTM, and leadership to make Omnea the industry benchmark for security and trust.

What You’ll Do

• Make our security posture airtight. Design and implement security controls across architecture, infrastructure and code (AWS Serverless, CDK/SST, React/TypeScript).

• Shift security left. Embed SAST/DAST, IaC scanning, secure coding standards and threat-modeling into every stage of our CI/CD pipeline.

• Own compliance & audits. Run our Vanta instance end-to-end (SOC 2 Type II, ISO 27001, GDPR, etc.) and coordinate third-party pen tests, evidence gathering and policy reviews.

• Enable revenue. Partner with Sales & Customer Success to answer security questionnaires, lead RFP security sections, and join prospect calls to remove friction and build trust.

• Code and build. Contribute production-ready TypeScript, Terraform/CDK and automation scripts; raise the security bar through secure patterns, libraries and reviews.

• Drive security culture. Run incident-response playbooks, tabletop exercises, and brown-bag sessions so every Omnea engineer becomes a security champion.

What Can You Expect in our Tech team?

• Massive Ownership. You’ll set the north-star security roadmap and see it through — from brainstorming to shipping dashboards, policies and guard-rails in prod.

• Modern, Cloud‑Native Stack. Everything serverless and IaC‑driven; you’ll secure every layer.

• Continuous Delivery, Securely. We deploy multiple times/day; your guard‑rails make that safe.

• Customer-Facing Impact. Your work unlocks deals, reduces time-to-close, and keeps renewal risk near zero - security as a growth lever, not a blocker.

• Collaboration & Autonomy. Plenty of heads-down coding, but also daily pairing with product engineers, GTM, and leadership on high-stakes opportunities.

• Scalability Challenges. As we 10× revenue, you’ll evolve our security architecture for multi-region HA, fine-grained data residency, and tight least-privilege controls.

About You

• Security expert & builder. You design secure architectures and write elegant code (TypeScript or similar). You’ve rolled out tooling like Vanta, Snyk, Semgrep, Wiz or Orca.

• Commercial mindset. You enjoy turning security wins into faster sales cycles and stronger renewals. You’ve partnered with GTM or directly handled customer audits/RFPs.

• Cloud-first. Deep knowledge of AWS IAM, networking, KMS, serverless hardening, and infrastructure-as-code review.

• Bias for action. You iterate quickly, ship pragmatically, and automate everything.

• Culture carrier. You coach teammates, document best practices, and keep calm during incidents.

• Comfort with ambiguity. First dedicated security hire? Perfect-you’ll set the bar.

Nice-to-haves

• Prior lead-level ownership of SOC 2 Type II or ISO 27001 certifications.

• Demonstrated open-source security contributions, CTF wins, or conference talks.

• Experience with procurement or fintech data-flows, third-party risk, or PCI.

At Omnea, we embrace diversity. To build a product that's loved by everyone, we're best served by a team with all sorts of backgrounds, experiences, and perspectives. We encourage you to apply even if your experience doesn't quite match the full job spec! And regardless of your race, religion, colour, gender, or anything else! If you think you could be a good fit for Omnea, please reach out.

A few things to note:

• We work Tuesdays, Wednesdays & Thursdays in-person at our offices. At this early stage of our company life-cycle it's important to us that we get this together-time, and you can read more about why we believe this is a winning move here

• We're commercial, ambitious and we don't pretend otherwise! We're actively seeking folks looking to make the most of a career-defining opportunity, with the hunger to be part of building something really impressive. You can see our values here

• We sometimes use AI note-takers to help us transcribe interview notes, so we can be more present in your interview. If you'd like to opt out of us using automatic transcribers, please note this in the free text field in your application, otherwise we'll take your application as confirmation that you're happy for us to use notetakers (whether added to video calls or in the background).
  

  
  We are proud to be recognised for both our culture and product, and we are just getting started. Join us as we grow!

#J-18808-Ljbffr