Senior Security Operations Engineer

About the role

We are seeking a Senior Security Operations Engineer to join a fast‑growing AI‑driven technology company in Switzerland. The role blends security engineering with day‑to‑day operations, protecting large‑scale cloud infrastructure, voice AI applications, and sensitive customer environments.

Key responsibilities

• Conduct threat modeling, security architecture reviews, and secure code reviews for new services and feature changes.
• Design, deploy, and maintain security tooling across CI/CD pipelines, including SAST, SCA, DAST, secret scanning, and IaC security controls.
• Partner with engineering to harden AWS infrastructure, IAM configurations, Terraform‑managed environments, and network segmentation.
• Lead vulnerability management: triage, prioritize, track, and support remediation across systems and applications.
• Support incident response activities, including investigations, root‑cause analysis, remediation planning, and post‑incident hardening.
• Monitor and respond to alerts from endpoint, cloud, and application security platforms.
• Participate in compliance and audit efforts for SOC 2, ISO 27001, PCI 4.0, and related frameworks.
• Assist sales, legal, and customer‑facing teams with security questionnaires, RFP responses, and trust‑related requests.
• Improve operational security processes, runbooks, and automation using scripting and AI‑assisted tools.

Required profile

• 5+ years of experience in security engineering, security operations, or hybrid security‑focused roles within cloud or technology environments.
• Strong expertise in application security, threat modeling, secure code review, and OWASP Top 10.
• Hands‑on experience with security tooling such as SAST, SCA, DAST, and secret scanning.
• Proven ability to work remotely in a highly collaborative, fast‑paced setting.

Required skills

• AWS security and IAM
• Terraform and infrastructure‑as‑code security
• SAST, SCA, DAST, secret scanning tools
• Vulnerability management and incident response
• Threat modeling and secure code review
• OWASP Top 10 knowledge
• Compliance frameworks: SOC 2, ISO 27001, PCI 4.0
• Scripting (e.g., Python, Bash) and automation