About the Role
You will own the security posture of hosted applications, container platforms, and AI environments, building automated guardrails and real-time visibility so the secure path is the easy path across a modern, globally distributed technology landscape. You'll design automated controls for containers and application deployments, enable citizen development with AI coding tools, curate internal security tooling for cost and reliability, own container security standards, manage software supply chain risk, build application security observability, and secure EQT's AI platforms against threats like prompt injection and data exfiltration. You'll also assess MCP connector risk, define behavioral baselines for agentic execution, and collaborate closely with detection, identity, and cloud security engineers.
Requirements
- Proven hands-on experience with container security including Kubernetes, image scanning, admission control, runtime protection, and policy-as-code
- A track record of building automated security controls that scale
- Solid application security fundamentals including OWASP Top 10, secure development lifecycle, and software supply chain risk
- Experience building security visibility into running systems through instrumentation, runtime analysis, or operational dashboards
- Active use of AI-assisted development tools such as Claude Code, GitHub Copilot, or equivalent
- Early or growing experience in AI and LLM security including prompt injection, data exfiltration, model API security, or agentic system controls
- Ability to communicate complex technical findings clearly to senior stakeholders
Responsibilities
- Design and deploy automated controls for container platforms and application deployments, including admission controllers, policy-as-code, and pre-configured scanning
- Enable citizen development by making AI coding tools like Claude Code and CoWork usable without requiring security review
- Curate internal security tooling, automation, and AI skills for cost, reliability, and security posture
- Own container security standards including image scanning policy, runtime baselines, and registry governance
- Manage software supply chain risk end-to-end including dependency scanning and composition analysis
- Build application security observability providing a live picture of deployments and risk concentration
- Own the security configuration of EQT's AI platforms including hardening, access controls, and data flow governance
- Assess MCP connector risk including API call patterns, data processing terms, and allowlist maintenance
- Define behavioural baselines for agentic execution environments and close AI-specific insider threat gaps
- Collaborate with Detection & Insider Threat Engineers and Identity & Cloud Security Engineers
Benefits
- Paid time off
- Parental leave
- Wellbeing and wellness support
- Flexible working arrangements
- Learning and development opportunities