Head of Security

We are a fast-growing Series A startup building cutting-edge technology to revolutionize cloud development processes and support highly efficient dev & test feedback loops. LocalStack provides a high-fidelity emulator and local cloud development platform enabling cloud applications and data pipelines development entirely on local machines within a lightweight cloud sandbox running in Docker. The company has a large and active developer community with over 100k active users worldwide and 290M+ downloads to date, serving customers from SMBs to Global Fortune 500 companies. LocalStack is headquartered in Zurich, Switzerland, with a main engineering office in Vienna, Austria, and remote team members globally.

• Expert knowledge of threat modelling, vulnerability management, and tools like intrusion detection, network security, or Linux/Unix OS hardening.
• Practical experience with cloud security (AWS preferred).
• Good knowledge of common standards such as SOC 2, ISO 27001, GDPR, even if not formally certified.
• Strong documentation skills and ability to make complex topics accessible to non-experts.
• Good understanding of US and EU security and compliance expectations.
• Prior engineering experience strongly preferred.
• Proactive, pragmatic, and capable of risk-based decision-making.

• Ensure robust security posture of the product across various components including LocalStack emulators, LocalStack Cloud platform, and data warehouse.
• Lead initiatives for incident monitoring, intrusion detection, and vulnerability management.
• Define and implement regular security auditing procedures across systems and access controls.
• Deliver a sustainable, scalable process for vendor risk assessments and other security-related initiatives including completing and submitting vendor risk assessments to support sales process.
• Ensure secure configurations and permission models in collaboration with engineering teams.
• Identify gaps between claimed and actual compliance and propose/lead corrective actions.
• Own documentation of security controls, configurations, and policies.
• Engage with internal stakeholders to evaluate different security threats and attack vectors.
• Generate and distribute internal audit and compliance reports at regular intervals.

Only candidates located in Poland are considered.