About the company
This is a tech scale-up operating as critical infrastructure for some of the largest and fastest-moving technology companies in the world - think high-growth AI companies and global SaaS platforms running at a scale where downtime and compromise simply aren't options.
The role
Hack it. Fix it. Hack through the fix. Repeat.
This is a new position created to build two new functions from scratch: Application Security and Offensive Security.
AI is front and centre here. The business has leaned heavily into AI tooling and agent-assisted development, which creates real and immediate security challenges. You'll be one of the people who shapes how those challenges are managed, with access to cutting-edge tooling.
This is a staff-level role, which means your influence extends well beyond your own work. You'll be the person who helps engineering teams understand security - not the team that says no, but the one that makes good security feel achievable. You'll report directly to the Head of Security and work closely with the CTO, platform and pipeline engineering teams, and senior technical leadership.
What you'll own
- Design and run adversarial testing campaigns across the full environment - creative, documented, and with a clear path to remediation
- Lead Application Security testing and drive the fix, not just the finding
- Build automation for both AppSec and offensive testing workflows from scratch
- Contribute to AI security: evaluating AI-based tooling and implementing security controls on existing AI systems
- Work across engineering teams to embed security thinking into how they build, not bolt it on afterward
- Shape the security roadmap as the team grows - and eventually build a team underneath you
What we're looking for
- 5-7 years in security roles with a genuine Offensive Security or AppSec focus
- Ability to read, write, and reason about code - Ruby and/or Go experience is highly regarded
- Experience with AWS and cloud-native environments
- SaaS application security experience
- Familiarity with Kubernetes and containers
The ideal profile is roughly 60% offensive security, 40% AppSec - someone who leans toward the breaking side but genuinely knows how to fix things too.
Why this role
- Ground-floor opportunity in AI security at a company actively investing in it, with access to tooling and relationships most security teams never see.
- A small, genuinely talented team - you'll be challenged every day.
- Clear path to building and leading your own team as the function grows.
- Remote-first with a real travel budget and quarterly in-person meetups.
If you're excited by the idea of building AppSec and Offensive Security programs from scratch - real ownership, no legacy debt - we'd love to hear from you.
How to apply
Click apply, or send your CV to jasmine@decipherbureau.com or eirene@decipherbureau.com for a 100% confidential, informal conversation. Your privacy will be fully respected.