Senior Security Engineer
Join our global force of 400+ innovators, blending the latest in tech with the greatest in soundtracking, from our Stockholm HQ to offices in London, New York, Los Angeles, Berlin, Paris, Oslo, and Seoul. We’re an industry leader with a startup mentality. We take what we do seriously, but we don’t take ourselves too seriously. Creating and collaborating to transform the sound of streaming, content, and culture. Come join us, and let the world feel your work.
As a Security Engineer at Epidemic Sound, you will help keep the company safe across three connected surfaces: the products our customers use, the platform our engineers build on, and the systems our employees rely on every day. This is a broad, generalist role where your work directly shapes how an industry-leading company with a startup mentality manages risk and builds securely at scale.
Building security automations and custom AI agents is a normal part of how the team operates, and you will be expected to do the same. You will sit within the Business Tech Division and report to the Head of Security, working closely with engineers, SRE, IT, Legal, and People teams across the organisation.
Your key responsibilities include
Own the vulnerability management programme across our products, cloud, and corporate estate: discovery, prioritisation, remediation tracking, and reporting.
Consolidate findings across our detection stack into a single risk picture.
Partner with software engineers to grow the Secure Software Development Lifecycle, including code reviews, threat models, and pre-ship security input.
Harden the GCP estate, Kubernetes platform, and CI/CD systems our engineers depend on.
Run vendor security reviews and respond to enterprise customer security questionnaires.
Operate and tune the Elastic SIEM and broader detection stack, building new detections as the threat picture evolves.
Respond to security incidents including on-call, and run training exercises to keep the team ready.
Build and run security agents and automations that other engineers and the wider business rely on, treating them as production-grade software.
Evaluate AI models and frameworks against security standards.
Requirements
Around five years in security engineering, with depth in at least one of application security, infrastructure security, enterprise security, or vulnerability management, and solid breadth across the others.
Hands-on experience running or contributing to a vulnerability management programme, including prioritisation, SLA setting, remediation tracking, and reporting.
Working knowledge of SCA/SAST tooling, Internal Developer Portals, and SIEM; we use Snyk, Port, and Elastic.
Working knowledge of the security features of the major public cloud providers, with GCP preferred.
Comfort with Kubernetes, Docker, or other container architectures.
Confident with at least one programming or scripting language such as Python, Go, or Bash.
Solid experience with Git, GitHub Actions, and Terraform.
Active, daily use of AI and agentic tools, with concrete examples of agents you have built and outputs you have shipped.
Experience with vendor security questionnaires.
Familiarity with common security frameworks such as PCI DSS and NIST.
It would also be music to our ears if you have
Penetration testing background or OWASP Top 10 fluency.
Experience with CI/CD security hardening at scale.
A track record of building security tools other engineers want to use.
Experience reporting vulnerability management and security posture metrics to leadership.
Familiarity with social engineering attacks, especially phishing, and the controls that reduce them.
Equal opportunity employer
We believe that bringing people together from different backgrounds, experiences and perspectives makes for a healthy workplace, a more successful business and a better world. We value diversity and encourage everyone to come and soundtrack the world with us.
Application
Ready to make the world feel your work? Please apply, in English.
Job Details
Experience
Senior · 5–5 yrs