Security Engineer

Laravel is a globally distributed software company behind one of the world’s most popular web application frameworks. Our tools and platforms help millions of developers build, deploy, and maintain modern web applications. We focus on thoughtful engineering, developer experience, and building products that are reliable, secure, and a pleasure to use.

At Laravel, security is not a gatekeeping function; it’s an enabling one. We build tools and platforms used by millions of developers worldwide, and we take seriously the trust they place in us. We’re looking for a Security Engineer to help us strengthen that trust by improving how we secure our infrastructure, applications, and operations as we continue to scale.

This role is ideal for someone who enjoys working close to production systems, collaborating with engineers, and solving real-world security problems pragmatically. You’ll help ensure our products and internal systems are secure, compliant, and resilient, all without slowing teams down.

Description of the Role

As a Security Engineer, you’ll be part of Laravel’s Security & Compliance function within Engineering, reporting to Kevin Mitsch. This is a hands-on role with broad scope, spanning cloud and SaaS security, vulnerability management, compliance support, security operations, and developer enablement.

You’ll work closely with engineering, product, and operations teams, acting as a trusted partner who helps embed security into everyday workflows rather than bolting it on after the fact.

Your 12-Month Mission

Imagine we’re all at a Laracon in 12 months’ time, and we’re talking about you being an amazing hire, and everything that you have done :

Within your First 30 Days

You’ve learned Laravel’s systems, products, and security landscape, built strong working relationships, and identified the most important risks and opportunities.

By Day 60

You’re delivering visible wins - improving access controls, tightening configurations, reducing known vulnerabilities, and supporting audits or compliance requirements with confidence.

By Day 90

You’re driving meaningful progress on larger initiatives : strengthening cloud security posture, improving vulnerability management workflows, and helping teams ship more securely by default.

And at the end of Year One

You’re a trusted security partner across the company - known for your sound judgment, calm handling of sensitive issues, and ability to balance security, reliability, and developer velocity.

What You Will Do

• Own security operations across cloud infrastructure, SaaS platforms, and internal systems
• Strengthen cloud and infrastructure security, including identity, access control, network controls, logging, and data protection
• Identify, prioritize, and remediate vulnerabilities using scanning, monitoring, and reporting tools
• Partner with engineering teams on application and platform security, threat modeling, and secure configuration
• Support compliance efforts across frameworks such as ISO 27001, SOC 2, PCI-DSS, HIPAA, and GDPR
• Manage and collaborate on bug bounty and security research, triaging findings and supporting remediation
• Respond to security and privacy requests, including abuse reports, phishing, DMCA takedowns, and GDPR requests
• Automate wherever possible, improving security processes through scripting, CI / CD, and infrastructure-as-code

Requirements

Requirements - What You Will Bring

Requirements - Bonus Skills

Location

Fully remote, EU Based

Benefits