Laravel is a globally distributed software company behind one of the world’s most popular web application frameworks. Our tools and platforms help millions of developers build, deploy, and maintain modern web applications. We focus on thoughtful engineering, developer experience, and building products that are reliable, secure, and a pleasure to use.

At Laravel, security is not a gatekeeping function; it’s an enabling one. We build tools and platforms used by millions of developers worldwide, and we take seriously the trust they place in us. We’re looking for a Security Engineer to help us strengthen that trust by improving how we secure our infrastructure, applications, and operations as we continue to scale.

This role is ideal for someone who enjoys working close to production systems, collaborating with engineers, and solving real-world security problems pragmatically. You’ll help ensure our products and internal systems are secure, compliant, and resilient, all without slowing teams down.

Description of the Role

As a Security Engineer, you’ll be part of Laravel’s Security & Compliance function within Engineering, reporting to Kevin Mitsch. This is a hands-on role with broad scope, spanning cloud and SaaS security, vulnerability management, compliance support, security operations, and developer enablement.

You’ll work closely with engineering, product, and operations teams, acting as a trusted partner who helps embed security into everyday workflows rather than bolting it on after the fact.

Your 12-Month Mission

Imagine we’re all at a Laracon in 12 months’ time, and we’re talking about you being an amazing hire, and everything that you have done:

Within your First 30 Days
You’ve learned Laravel’s systems, products, and security landscape, built strong working relationships, and identified the most important risks and opportunities.

By Day 60
You’re delivering visible wins - improving access controls, tightening configurations, reducing known vulnerabilities, and supporting audits or compliance requirements with confidence.

By Day 90
You’re driving meaningful progress on larger initiatives: strengthening cloud security posture, improving vulnerability management workflows, and helping teams ship more securely by default.

And at the end of Year One
You’re a trusted security partner across the company - known for your sound judgment, calm handling of sensitive issues, and ability to balance security, reliability, and developer velocity.

What You Will Do

Own security operations across cloud infrastructure, SaaS platforms, and internal systems
Strengthen cloud and infrastructure security, including identity, access control, network controls, logging, and data protection
Identify, prioritize, and remediate vulnerabilities using scanning, monitoring, and reporting tools
Partner with engineering teams on application and platform security, threat modeling, and secure configuration
Support compliance efforts across frameworks such as ISO 27001, SOC 2, PCI-DSS, HIPAA, and GDPR
Manage and collaborate on bug bounty and security research, triaging findings and supporting remediation
Respond to security and privacy requests, including abuse reports, phishing, DMCA takedowns, and GDPR requests
Automate wherever possible, improving security processes through scripting, CI/CD, and infrastructure-as-code

Requirements

Requirements - What You Will Bring

Experience in security operations, information security, or application security engineering
Practical experience securing cloud environments (AWS preferred) and SaaS platforms
Strong understanding of web application security, secure development practices, and OWASP Top 10
Familiarity with security and privacy frameworks such as ISO 27001, SOC 2, HIPAA, GDPR, and NIST
Ability to work across teams, communicate clearly, and take ownership of outcomes
Comfort operating in ambiguous situations and applying judgment where playbooks don’t exist
Experience with the Laravel framework and ecosystem is a significant plus.

Requirements - Bonus Skills

Experience building security automation and operational tooling
Familiarity with CI/CD pipelines and infrastructure-as-code
Hands-on experience with bug bounty programs
Security certifications such as CISSP, CCSP, or similar
A degree in Cybersecurity or a related discipline

Location

Fully remote, EU Based

Benefits

Small tight-knit team where every developer counts
Fully remote and globally distributed working environment
Option to attend Laracon conferences around the world
Health care plan (Medical, Dental & Vision)
Paid time off (Vacation, Sick & Public holidays)
Family leave (Maternity, Paternity)
Pension plans (As locally applicable)
Performance based bonus plan
Company equity