Overview

Join to apply for the Senior Security Engineer role at Omnea.

Our Mission: The way businesses buy stuff is completely broken. Whether it’s SaaS, hardware, or contractors, the average B2B purchase takes over 3 months, requires 50+ emails, and involves multiple stakeholders (IT, Legal, InfoSec, Finance, etc.). Omnea’s platform handles the entire purchasing process: giving employees an easy place to make requests (Intake), managing the necessary approvals (Approvals Engine), and automating renewals management & supplier risk assessments. Omnea provides visibility into how, when, and why money is being spent for buyers and for finance & procurement leaders.

Given the market’s focus on capital efficiency, there’s never been a more vital time for businesses to use Omnea. We’re one of the fastest growing Series A B2B businesses in Europe, backed by Accel, First Round, & Point Nine. Welcome to Spend Control 2.0 — built for tougher times.

What We're Looking For

We’re hiring at both Level 3 (Senior) and Level 4 (Lead). For calibration, candidates typically bring 5+ years of deep security engineering experience in high-growth, cloud-native SaaS environments — but we care more about impact than years. You’ll be the first dedicated security specialist on the team, partnering with product engineers, GTM, and leadership to make Omnea the industry benchmark for security and trust.

What You’ll Do

• Make our security posture airtight. Design and implement security controls across architecture, infrastructure and code (AWS Serverless, CDK/SST, React/TypeScript).
• Shift security left. Embed SAST/DAST, IaC scanning, secure coding standards and threat-modeling into every stage of our CI/CD pipeline.
• Own compliance & audits. Run our Vanta instance end-to-end (SOC 2 Type II, ISO 27001, GDPR, etc.) and coordinate third-party pen tests, evidence gathering and policy reviews.
• Enable revenue. Partner with Sales & Customer Success to answer security questionnaires, lead RFP security sections, and join prospect calls to remove friction and build trust.
• Code and build. Contribute production-ready TypeScript, Terraform/CDK and automation scripts; raise the security bar through secure patterns, libraries and reviews.
• Drive security culture. Run incident-response playbooks, tabletop exercises, and brown-bag sessions so every Omnea engineer becomes a security champion.

What Can You Expect in our Tech team?

• Massive Ownership. You’ll set the north-star security roadmap and see it through — from brainstorming to shipping dashboards, policies and guard-rails in prod.
• Modern, Cloud‑Native Stack. Everything serverless and IaC‑driven; you’ll secure every layer.
• Continuous Delivery, Securely. We deploy multiple times/day; your guard-rails make that safe.
• Customer-Facing Impact. Your work unlocks deals, reduces time-to-close, and keeps renewal risk near zero - security as a growth lever, not a blocker.
• Collaboration & Autonomy. Plenty of heads-down coding, but also daily pairing with product engineers, GTM, and leadership on high-stakes opportunities.
• Scalability Challenges. As we 10× revenue, you’ll evolve our security architecture for multi-region HA, fine-grained data residency, and tight least-privilege controls.

About You

• Security expert & builder. You design secure architectures and write elegant code (TypeScript or similar). You’ve rolled out tooling like Vanta, Snyk, Semgrep, Wiz or Orca.
• Commercial mindset. You enjoy turning security wins into faster sales cycles and stronger renewals. You’ve partnered with GTM or directly handled customer audits/RFPs.
• Cloud-first. Deep knowledge of AWS IAM, networking, KMS, serverless hardening, and infrastructure-as-code review.
• Bias for action. You iterate quickly, ship pragmatically, and automate everything.
• Culture carrier. You coach teammates, document best practices, and keep calm during incidents.
• Comfort with ambiguity. First dedicated security hire? Perfect—you’ll set the bar.

Nice-to-haves

• Prior lead-level ownership of SOC 2 Type II or ISO 27001 certifications.
• Demonstrated open-source security contributions, CTF wins, or conference talks.
• Experience with procurement or fintech data-flows, third-party risk, or PCI.

At Omnea, we embrace diversity. We encourage you to apply even if your experience doesn’t match the full job spec. We welcome applications regardless of race, religion, color, gender, or anything else.

A Few Things To Note

• We work Tuesdays, Wednesdays & Thursdays in-person at our offices. At this early stage, in-person collaboration is important to us.
• We’re commercial, ambitious and candid about growth opportunities. See our values here.
• We sometimes use AI note-takers to help transcribe interview notes. If you’d like to opt out, note this in your application; otherwise we’ll assume consent to notetakers.

We are proud to be recognised for both our culture and product, and we are just getting started. Join us as we grow!

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology

Industries

• Software Development