This is a hands-on role where you'll systematically poke holes in our infrastructure and applications - from QEMU hypervisors to AI inference APIs - then work directly with our development teams to fix what you find and build stronger defenses.

You'll be involved with the full security lifecycle: breaking things down to find issues, researching mitigation strategies, helping developers implement fixes, and training teams to prevent future vulnerabilities. This role is essential to supporting our hybrid security model and ensuring our security posture meets the demands of European data sovereignty and regulatory compliance.

This is perfect for someone who loves the investigative challenge of security research but also enjoys the collaborative aspect of making entire engineering teams more security-aware.

There are a lot of ways this role could work - with many configurations of knowledge.

If you hit even 50% of this, and are an expert in what you know - reach out!

• Cash + equity compensation along with various fringe benefits (e.g., healthcare, lunch, wellbeing, etc.).
• Our operations are profitable, in addition to fast growth.
• You’ll be an integral part of the small yet mighty team of 61, challenging the status quo to positively impact the lives of many people.
• You’ll work in small teams of experts.
• 27 nationalities in total, with 6 different ones in the management team.
• We foster a community-like atmosphere: we often enjoy each other’s company after work, e.g., munching on BBQ made by Ruben, our CEO by day and master chef by night.
• And who wouldn't want to be paid to hack through a $4M server?

• Hybrid mode: We have two options:

1) Main preference is onsite for at least 3 days per week in Helsinki. If you're not in Helsinki, relocation support can be provided. Don’t worry - you won’t be alone or hangry there. (We keep a stocked fridge…)

2) In some cases, remote in the EU (with occasional travel to the Helsinki) can be arranged for the right candidate. If you're located in Zurich, Amsterdam, or London, this may be seen as an advantage.

• Level of expertise: Senior/Expert - Non-management.
• Employment type: Full-time and permanent.

Technical Security & Program

• Establish and conduct comprehensive application security testing practices across the full Verda stack.
• Design and implement security assessment methodologies for cloud infrastructure, containerized services, and AI/ML workloads.
• Help inform security requirements and standards for development teams.
• Contribute to security testing integration strategies for CI/CD pipelines
• Execute penetration testing of applications and APIs.
• Assess third-party integrations and dependencies for security vulnerabilities.

Compliance & Documentation

• Ensure application security practices support our compliance needs.
• Prepare security assessment reports for internal documentation and external auditors.

Security Research & Knowledge Transfer

• Research and evaluate mitigation strategies, security controls, and preventive measures.
• Develop comprehensive security guidance and best practices documentation for internal needs.
• Mentor developers on security implementation and help build security-first mindset across teams.

Cross-functional Collaboration

• Collaborate with teams on security configuration and hardening.
• Support incident response activities as needed.
• Act as security subject matter expert for cross-functional project teams.

The role can be adapated based on your standout area(s) of expertise. Please tell us more in the application form on the next page.

• You've become well-integrated with development teams and helped advance our internal knowledge on security.
• We've established or enhanced our processes for finding vulnerabilities earlier.

Apply sooner than later. This job ad will be removed when we’ve found the right person.

Please submit your application through our Careers page. We don’t accept applications sent by mail.

For more information, you can reach out to our Head of Security & Compliance, Michael at michael (at) datacrunch.io.