Remote Security Architect — Cloud & Compliance (Europe)

At Qdrant, security is not just a checkbox; it is a core feature of our high-performance vector database. As our Security Officer, you will be the strategic lead and technical executor of our security posture. You will bridge the gap between high-level compliance (SOC 2, GDPR, HIPAA, …) and deep-tier engineering. Your mission is to further evolve and scale our security culture with the existing "Security Champions" program while remaining hands-on with architectural risk assessments and Cloud infrastructure hardening. You aren't just managing a backlog — you are building the foundation that allows Qdrant to scale safely. Location This role is remote and open to candidates located in Europe. Candidates must demonstrate a mastery of European regulatory landscapes; this geographical preference is based on the technical requirements of the role rather than citizenship. At Qdrant, security is not just a checkbox; it is a core feature of our high-performance vector database. As our Security Officer, you will be the strategic lead and technical executor of our security posture. You will bridge the gap between high-level compliance (SOC 2, GDPR, HIPAA, …) and deep-tier engineering. Your mission is to further evolve and scale our security culture with the existing "Security Champions" program while remaining hands-on with architectural risk assessments and Cloud infrastructure hardening. You aren't just managing a backlog — you are building the foundation that allows Qdrant to scale safely. Location This role is remote and open to candidates located in Europe. Candidates must demonstrate a mastery of European regulatory landscapes; this geographical preference is based on the technical requirements of the role rather than citizenship. Tasks Backlog & Strategy: Own and prioritise the Security Backlog, translating high-level threats and compliance needs into actionable engineering requirements for the development teams. Security Champions Program: Lead and evolve our existing Security Champions initiative, mentoring engineers to perform internal security reviews and ensuring security is a distributed responsibility rather than a bottleneck. Architectural Risk Management: Conduct formal Architectural Risk Assessments on critical components (e.g., Cloud RBAC, JWT, Inference) to ensure security is "baked-in" during the design phase of the SDLC. Compliance & Audits: Maintain our "always-audit-ready" status using Drata and HeyData. You will oversee annual SOC 2 audits, GDPR requirements, and drive our OWASP SAMM roadmap toward a maturity score of 1.0. Multi-Cloud Security Governance: Oversee security posture management across AWS, GCP, and Azure; leading technical compliance audits and implementing automated identity and access management (IAM) to ensure infrastructure resilience. Vulnerability Management & Pentesting: Manage the bi-annual penetration testing lifecycle, coordinate with external security researchers (Bug Bounty Program), and ensure timely remediation of findings in coordination with the development teams. Sales & Growth Support: Act as the subject matter expert for customers, completing detailed security questionnaires and ensuring our marketing vendor ecosystem remains compliant. Requirements Must-have Experience: 5+ years in Security Engineering, DevSecOps, or as a Security Officer in a cloud-native SaaS environment. Cloud Proficiency: Technical knowledge of AWS, GCP, Azure (IAM, Multi-AZ architectures, Trusted Advisor, etc.). Regulatory & Policy Fluency: Practical experience maintaining SOC 2 Type II, HIPAA, and GDPR. You can architect a unified security policy framework that satisfies multiple compliance standards simultaneously, reducing operational overhead for the engineering team. Risk Assessment Skills: Ability to perform threat modeling and architectural risk classification on complex distributed systems. Communication: Strong stakeholder management skills; you can advocate for security resources during quarterly capacity planning and explain P0 risks to leadership. Self-Starter: The ability to move from "reading the exact policy" to "investigating the code" to provide an informed response to technical queries. Nice-to-have Familiarity with the OWASP SAMM framework. Experience using automated compliance tools like Drata or Vanta. Background in Rust or high-performance database environments. Professional certifications such as CISSP, CISA, or CCSP (Certified Cloud Security Professional), or advanced security-focused certifications from major cloud providers (e.g., AWS Certified Security – Specialty, Azure Security Engineer, or Google Professional Cloud Security Engineer). Experience navigating the AWS Foundational Technical Review (FTR). Benefits Competitive salary, equity, and benefits Fully remote setup with flexible working hours Clear ownership of reliability and operational excellence Opportunity to work on mission-critical customer-facing infrastructure Strong collaboration with platform and engineering teams If you enjoy de-risking complex cloud architectures and scaling security through a culture of shared responsibility and technical rigor, we’d love to hear from you. #J-18808-Ljbffr Qdrant