Skip to content

Security Engineer

  • On-site, Remote, Hybrid
    • Prague, Praha, Hlavní město, Czechia
  • Engineering

Job description

Confirmo is a global stablecoin-first payment platform trusted by market leaders. Originally founded in Prague in 2014, we now run one of the most established infrastructures in the industry. In 2025, Confirmo Limited - part of the Confirmo Group - received authorization under the EU Markets in Crypto-Assets (MiCA) framework from the Central Bank of Ireland.

Now we are looking to grow our security team by Security Engineer. This is not a typical "sit back and monitor the dashboard" security role. At Confirmo, we build a leading stablecoin payment platform, and security is not just a department, it is part of our DNA.

Overview:

As our Security Engineer, you will work directly alongside our CISO and Head of Security to harden our defences, monitor our infrastructure, and ensure our code is secure. You will be stepping into a modern, cloud-native environment. We don't rely on legacy on-premise hardware; we live in AWS, use platforms such as Cloudflare for the edge security, and use modern cloud services to keep eyes on everything. This is a role for a true generalist, someone who refuses to be siloed into just "AppSec" or just "Compliance." If you are passionate about hunting threats, enjoy deep-diving into code, and want to help shape security strategy rather than just following a checklist, we want you on board.

Key Responsibilities:

  • Analyze, challenge and propose changes to our SDLC process.

  • Create and maintain policies applicable to our employee working mobile devices.

  • Together with our CISO in Ireland, perform GAP analysis comparing security standards with our own practise of using AWS.

  • Together with the Head of Security in Prague, prepare a plan of improvements.

  • Hands on implement and/or review infrastructure and code level improvements following our security roadmap.

Your Profile:

We are looking for a security enthusiast who understands that true security happens at the intersection of infrastructure, code, and compliance.

  • Cloud Security Architecture: Deep understanding of any public cloud infrastructure services (preferably AWS) and security best practices. You know how to secure a cloud-native infrastructure, manage IAM roles effectively, and audit configurations.

  • Blue Team & SIEM Operations: Proficiency with security, monitoring and observability SIEM platforms (e.g. DataDog). You will be responsible for log management, writing custom detection rules, and investigating alerts before they become incidents.

  • Application Security (AppSec): You understand secure programming principles and have a strong grasp of the OWASP Top 10. You are capable of reviewing code (Java,Typescript, Python, etc.) to help our developers catch vulnerabilities early in the lifecycle.

  • Edge & Network Security: Experience with configuring and managing network security solutions (preferably SaaS services like Cloudflare) - WAF, rate limiting, and edge protection rules to keep malicious traffic at bay.

  • Identity & Modern Auth: You are a proponent of modern authentication. You have experience with Google Workspace security, managing shared secrets, and the implementation of passkeys and hardware keys. You know that identity is the new perimeter.

  • ZeroTrust principles: You embrace and ideally have practical experience with this modern access/authentication/authorization approach, we don’t rely on VPNs. A desire to not only propose and design, but also to change and execute, with your own hands. As an example, we’re more and more relying on IaaC, using Terraform at the moment. You don’t need to be proficient in that regard, but you need to be keen to learn fast and do it right after, without relying on an Ops engineer or anyone else.

  • Vulnerability Management: You can manage the full lifecycle of vulnerabilities—from detection and triage to working with engineering teams on remediation.

  • GRC Knowledge: Familiarity with compliance frameworks such as ISO 27001, NIST CSF, SOC2, or DORA. You understand that documentation and governance are the backbone of a mature security program.

Location: Onsite, hybrid or remote (within Czech Republic) are offered for this role.

If you are interested in learning more, please submit your CV, and our recruiter, will get back to you promptly.

or