Ultrahuman is looking for an Information Security Engineer to own and scale our security posture end-to-end. This critical role is responsible for the overall security of our systems, with a core focus on data and application security.

We seek a hands-on engineer who can architect robust security defenses, manage risk, and drive security-focused initiatives across product and engineering teams. This role requires excellent problem-solving ability, a strong ownership mindset, and expertise in creating a secure-by-design environment.

What You'll Do :

- Be in charge of data and app security, ensuring comprehensive protection for sensitive user data, intellectual property, and production applications.

- Design, build, and maintain continuous security monitoring and automation pipelines (SecDevOps) to run periodic security scans against infrastructure and application code.

- Review, analyze, and triage the outcomes of security scans, vulnerability assessments, and penetration tests, and manage the remediation lifecycle, especially for critical and high-severity findings.

- Actively help in various audits and compliances (e.g., ISO 27001, GDPR, HIPAA, SOC 2, or other industry standards), ensuring all security controls meet regulatory and contractual protections.

- Introduce and enforce security best practices across all engineering functions, including secure coding standards, data encryption (in transit and at rest), and secure configuration management.

- Perform internal code audits from time to time and security design reviews on core systems to proactively discover hidden vulnerabilities and verify that key security controls are implemented correctly.

- Develop and integrate security controls into the software development lifecycle (SDLC) to prevent security issues from reaching production environments.

- Configure and monitor security log events data, usage anomaly detection, and other telemetry to quickly identify suspicious or unauthorized activity.

- Participate in the security incident response program, contributing to the proactive detection, containment, and analysis of security incidents.

- Evaluate and manage security risks associated with third-party vendors and applications, including conducting security questionnaires and reviewing third-party penetration testing reports.

What We're Looking For :

- 4 to 6 years of experience in an Information Security, Application Security (AppSec), or Data Security role.

- Proven hands-on experience in implementing security controls for cloud platforms (e.g., AWS, GCP, Azure).

- Strong practical knowledge of at least one scripting language (e.g., Python) for building security tooling and automation.

- Deep expertise in web application security, mobile application security, and common vulnerability frameworks (e.g., OWASP Top 10).

- Experience with compliance frameworks (e.g., ISO 27001, SOC 2, HIPAA, GDPR) and managing audit processes.

- Hands-on experience configuring and analyzing output from security testing tools (SAST, DAST, vulnerability scanners).

- Familiarity with security information and event management (SIEM) systems and leveraging log data for security monitoring.

- Strong ownership mindset and ability to work independently in a fast-paced environment.

Core Skills : Information Security, Application Security (AppSec), Cloud Security, Data Security, Security Automation (SecDevOps), Compliance & Auditing, Vulnerability Management, Python, Penetration Testing, IAM/Access Control