Staff/Lead Security Engineer (AppSec )

What we are building

Mimica's mission is to empower enterprises, teams, and individuals to reclaim their most precious resource — time and work more efficiently, with greater purpose and impact.

Our AI-powered task mining observes employee actions across the desktop and categorizes them into detailed process maps. Mimica’s process intelligence highlights inefficiencies, prioritizes improvements based on ROI, recommends the optimal technology for automation (RPA, intelligent document processing, GenAI), and provides a blueprint for building new automations and transforming work.

About the Role

We’re a fast-growing Scale-up building up our security program from the ground up. As the new member of the InfoSec team, you’ll own critical security initiatives end-to-end, working side-by-side with Engineers to harden our cloud-native SaaS platform and significantly raise our overall security posture.

This is a high-impact, high-autonomy role perfect for a self-starter who enjoys building and deploying scalable security processes in a scale-up environment. Your manager will be the Head of InfoSec, and you’ll have another Security Engineer as a peer.

What You’ll Do Day-to-Day

• Lead the build-out and operation of core security capabilities: vulnerability management, patching, SIEM/logging, cloud security monitoring, and alert triage.
• Deploy, configure, and tune security tooling (scanners, WAFs, CSPM, SIEM, endpoint protection)
• Partner with engineering to build security at App or Cloud level, with developer experience in mind.
• Triage and assess vulnerabilities, drive remediation prioritisation, and reduce risk in a pragmatic yet rigorous way.
• Design and implement tactical incident-response playbooks and improve detection coverage.
• Periodically review major architectural changes and guide engineering on secure design trade-offs.
• Continuously improve processes so security scales as the company grows.

Who We’re Looking For

• Senior+/Lead/Staff experience (typically 7+ years) in security engineering or SecOps, with a strong preference for hands‑on roles in startup or scale‑up environments.
• Strong expertise in AppSec or CloudSec
• Proven ability to independently deploy and manage cloud security solutions, especially in GCP (big plus), AWS, or Azure.
• Experience preparing for SOC2, ISO 27001, or FedRAMP
• Deep expertise in one or ideally several of the following: vulnerability management programs, cloud-native SIEM/logging, CSPM/CNAPP tools, IaC security, secure SDLC integration, and incident response.
• Strong communication skills - you can explain complex risks or trade-offs clearly to both technical and non-technical audiences.

Nice to Have

• OSCP, CISSP, or similar offensive/security certifications;
• Leading a security function
• Experience in a successful startup/scale-up

Recruitment Stages

• Stage 1 | Recruiter Screen with Technical Recruiter
• Stage 2 | Hiring Manager interview with Head of InfoSec
• Stage 3 | Live Challenge - with the Sec + Engineering Team
• Stage 4 | Behavioural Interview - with Manager + CTO & Co-founder

If you’ve led a security function before, or ever thought “I could build a much better security program than what I’m seeing right now” - this is your chance.

We are excited to meet you!

What we offer

Generous compensation + stock options - aligned with our internal framework, market data, and individual skills.

Distributed work: Work from anywhere - fully remote, in our hubs, or a mix.

Company-issued laptop, remote setup stipend, and co-working budget

Flexible schedules and location

☀️ Ample paid time off, in addition to local public holidays

Enhanced parental leave

♀️ Health & retirement benefits

Annual learning & development budget

Annual workaways and regular virtual & in-person socials

Opportunity to contribute to groundbreaking projects that shape the future of work

Note : Some benefits may vary depending on location and role

⚠️ Mimica will only contact candidates from an @mimica.ai email address. We do not request banking or sensitive personal information during the recruiting process.