Job Description
At Ocado Technology, we craft products tailored to meet the unique needs of our partners worldwide. From e-commerce software and automated warehouse solutions to robotics and optimized delivery, we're reshaping the online grocery space and beyond through innovation.
In Poland, we are a local team of technologists with a global scale. In the hearts of Wrocław and Kraków, we have gathered over 700 tech wizards - and let them do their magic.
ABOUT STREAM / DEPARTMENT: WHERE ARE WE LOOKING FOR?
As a Security Engineer, you'll be embedded in the Cyber Security team working at the intersection of software engineering, cloud infrastructure, and security. Your mission is to shift security left, integrating it into CI/CD pipelines, infrastructure-as-code workflows, and developer tooling so that security becomes a natural part of how we build and ship. You might be writing Python tooling to automate vulnerability scanning, defining Terraform modules that bake in security guardrails, hardening our AWS environments, or building the pipelines that keep our cloud posture continuously audited. This role requires a hands-on engineer who thinks in code first and views security as an engineering discipline, not a gatekeeping function. You'll work in a highly motivated and experienced team, with plenty of room to grow and influence how security is practised across the organisation.
ROLE ITSELF: WHAT WILL YOU DO?
- Design, build, and maintain security tooling and automation, primarily in Python, to support vulnerability management, scanning pipelines, and security monitoring.
- Integrate security controls into CI/CD pipelines
- Write and maintain infrastructure-as-code (Terraform) with security guardrails baked in, AWS Security tooling and audit logging.
- Secure and monitor AWS cloud environments; implement detective and preventive controls using native AWS security services (GuardDuty, Security Hub, Config, CloudTrail, IAM, etc.).
- Apply Linux expertise for system hardening, secure configuration baselines, and troubleshooting.
- Monitor and secure networks, with solid understanding of TCP/IP, DNS, HTTP/HTTPS,
- Collaborate with engineering and platform teams to embed security requirements early in the development lifecycle.
- Stay current with the security community, new tooling, CVEs, attack techniques, and cloud provider security updates.
- Produce clear documentation, threat assessments, and remediation recommendations.
Key skills and experience:
Essential
- Python programming: Strong proficiency writing production-quality Python for security automation, tooling, and scripting. This is a hard requirement.
- AWS: Hands-on experience securing AWS environments, including IAM, VPC, GuardDuty, Security Hub, CloudTrail, Config, and KMS.
- Infrastructure-as-code mindset: Comfortable working in Terraform or similar IaC tools; understands how to encode security policy into infrastructure definitions.
- Linux: Proven ability to manage, harden, and troubleshoot Linux systems in production environments.
- CI/CD security integration: Experience embedding security scanning tools into pipelines (GitHub Actions, Jenkins, or similar).
Desirable
- Terraform: Practical experience writing Terraform modules with security controls for AWS infrastructure. This significantly strengthens your candidacy..
- Container security: Knowledge of Docker and Kubernetes security hardening.
- SIEM / security monitoring: Experience with SIEM platforms for alert tuning and threat detection.
- Certifications: AWS Security Specialty, CISSP, CEH, or equivalent are a plus.
- Familiarity with Kanban methodology.
Key Attributes
- Engineering mindset: Solves security problems with code and automation, not just process.
- Technical excellence: Picks up new tools and cloud services quickly; values clean, maintainable work.
- Problem solving: Comfortable with ambiguity; able to break down complex security challenges into actionable engineering tasks.
- Collaboration: Works closely with software engineers and platform teams; communicates security requirements without being a blocker.
- Proactive ownership: Takes initiative, drives tasks to completion, and flags risks early.
- Communication: Clear written and verbal communication; able to document decisions and explain trade-offs to both technical and non-technical stakeholders.
BENEFITS: WHAT’S IN IT FOR YOU?
Work and life should fit together, so we offer a range of benefits focusing on well-being, development, and team spirit. The final package will depend on the contract type we agree on.
- Standard benefits: life insurance, private health care [Luxmed], Multisport card, lunch vouchers, company share programs, and assistance for everyday worries and serious health problems.
- Learning opportunities: access to the Learnebly platform and LinkedIn Learning, English classes, and a book library,
- Parental support: additional +10 days maternity / +20 days paternity leave, funding for nurseries and kindergartens
- Hybrid model: 2 days/week in the office and flexibility to work from almost any location for up to 30 days a year.
- Office perks: centrally located offices with car and cycling parking, and home office equipment provided.
- Career growth: a clear career path with opportunities to rotate between projects, teams, domains and roles under the guidance of highly skilled senior colleagues
- High engineering culture: unique software engineering culture with a high level of test coverage and agile environment [read about our tech stack and engineering
practices across Ocado Technology] - Speaker community: public speaking training and support for preparing presentations at conferences or meetups, including our own Ocado Technology Meetups
- Passions groups: running, cycling and more
- Annual celebrations: carnival, summer parties, family picnics, or kid’s days.
At Ocado Technology, we're always exploring, learning, and implementing new initiatives, and we're eager to share stories, insights, and experiences with you. Meet our team members during meetups [Watch recordings here]
#LI-REMOTE #LI-OT #LI-KP1