Security Engineer Bucharest

Security Engineer
Bucureşti
Bucharest, Bucharest, Romania

Job Description

The Role
As we continue to grow, ensuring the security and integrity of our platform is more important than ever. We’re looking for a Security Engineer to help shape the future of security at Masabi, someone who’s excited to build robust controls, reduce risk, and support our global compliance journey.

You’ll work closely with teams across the business to maintain and improve our compliance posture (PCI DSS, ISO27001, SOC2), drive vulnerability management and security tooling, and support audits and client commitments. This is a highly collaborative role that blends technical insight with process improvement, ideal for someone who’s curious, empathetic,
- oriented, and ready to make a positive impact.

You’ll report directly to the Senior Director of Corporate IT, Compliance, and Customer Success.

Responsibilities
Compliance & Security Controls

• Own and improve security controls aligned with PCI DSS, SOC 2, and ISO 27001, supporting audits and recertifications
• Ensure we stay
  - ready with control testing, documentation, and remediation
• Partner with internal teams and auditors to manage evidence collection and compliance outcomes
• Manage and track contractual security obligations, flagging any billable work

Risk Management & Policy

• Lead risk assessments, identify control gaps, and recommend mitigation strategies
• Manage the lifecycle of security policies and standards, making sure they’re practical,
  -
  - date, and embedded across teams
• Stay ahead of regulatory changes and industry trends to proactively adjust our security approach

Vulnerability Management

• Own our vulnerability scanning and triage process, prioritising risks and working with teams to close gaps within SLAs
• Coordinate and follow up on
  - annual penetration tests
• Monitor CVEs and evaluate impact across cloud infrastructure and code dependencies
• Oversee patching compliance and ensure SSL certificates are
  -
  - date
• Automate scanning, reporting, and risk scoring wherever possible

Incident Response & Continuous Improvement

• Own the lifecycle of security incidents, from detection and response to lessons learned
• Maintain
  -
  - date incident response plans aligned with compliance standards
• Implement and optimise tools to detect, prevent, and mitigate potential threats
• Lead regular security reviews across cloud environments and code repositories
• Track key risk indicators (KRIs) and report on security metrics to leadership
• Support the completion of RFPs and customer security questionnaires

About You

• Hands-on experience in security engineering, compliance, or risk management
• Comfortable working with PCI DSS, ISO 27001, SOC 2 and security audits
• Solid understanding of vulnerability scanning, pen testing, and cloud environments (AWS)
• Familiar with risk assessments, mitigation strategies, and patching workflows
• Able to write clear documentation, reports, and policies
• Collaborate, curious, proactive, and always looking for ways to improve
• Comfortable working independently in a
  - first environment

Some of our benefits

• 25 days holiday per year plus the Christmas Shutdown (another 3-4 days)
• Premium medical care via Regina Maria
• Mental health support
• Menopause support
• Regular social gatherings with a monthly allowance for each employee
• Up to €1000 training budget per year
• €200 to spend on your home office
• Choice of workstation
• Ability to work for up to 3 months per year from any country in the world