Senior Application Security Analyst

About the Company

Imagine a future where everyone has instant, low-cost access to intelligence. We are building a fully featured European AI cloud with everything one needs to train, experiment with, and deploy AI models. In addition, our GPUs run on 100% renewable energy.

We are ambitious, curious, and gutsy doers. We practice low hierarchy across the company and high morale in our teams. We have already achieved a lot, yet we are only getting started. Now is your chance to join the ride. We offer more than just the job. We offer a career-defining opportunity to be part of building something big.

As a bonus, we recently raised $64M in Series A and are ready to reach new heights.

About the role

This is a hands-on role where you will systematically poke holes in our infrastructure and applications, from QEMU hypervisors to AI inference APIs. Then, you will work directly with our development teams to fix what you find and build stronger defenses.

You will be involved with the full security lifecycle: breaking things down to find issues, researching mitigation strategies, helping developers implement fixes, and training teams to prevent future vulnerabilities. This role is essential to supporting our hybrid security model and making sure our security posture meets the demands of European data sovereignty and regulatory compliance.

This is perfect for someone who loves the investigative challenge of security research but also enjoys the collaborative aspect of making entire engineering teams more security-aware.

There are many ways this role could work, with many configurations of knowledge. If you hit even 50% of this, and are an expert in what you know, reach out.

Your responsibilities

Technical Security & Program

• Establish and conduct comprehensive application security testing practices across the full DataCrunch stack.
• Design and implement security assessment methodologies for cloud infrastructure, containerized services, and AI/ML workloads.
• Help inform security requirements and standards for development teams.
• Contribute to security testing integration strategies for CI/CD pipelines.
• Execute penetration testing of applications and APIs.
• Assess third-party integrations and dependencies for security vulnerabilities.

Compliance & Documentation

• Make sure application security practices support our compliance needs.
• Prepare security assessment reports for internal documentation and external auditors.

Security Research & Knowledge Transfer

• Research and evaluate mitigation strategies, security controls, and preventive measures.
• Develop comprehensive security guidance and best practices documentation for internal needs.
• Mentor developers on security implementation and help build a security-first mindset across teams.

Cross-functional Collaboration

• Collaborate with teams on security configuration and hardening.
• Support incident response activities as needed.
• Act as a security subject matter expert for cross-functional project teams.

Your key competencies

• The role can be adapted based on your standout area or areas of expertise. Please tell us more in the application form on the next page.

Success criteria for this role in the next 6-12 months

• You have become well-integrated with development teams and helped advance our internal knowledge on security.
• We have established or enhanced our processes for finding vulnerabilities earlier.

Benefits

• Cash plus equity compensation along with various fringe benefits (e.g., healthcare, lunch, wellbeing, etc.).
• Our operations are profitable, in addition to fast growth.
• You will be an integral part of the small yet mighty team of 61, challenging the status quo to positively impact the lives of many people.
• You will work in small teams of experts.
• 27 nationalities in total, with 6 different ones in the management team.
• We foster a community-like atmosphere. We often enjoy each other’s company after work, for example, eating BBQ made by Ruben, our CEO by day and master chef by night.
• Who wouldn't want to be paid to hack through a $4M server?

Practicalities

• Level of expertise: Senior/Expert - Non-management.
• Employment type: Full-time and permanent.
• Hybrid mode: Main preference is onsite for at least 3 days per week in Helsinki. If you are not in Helsinki, relocation support can be provided. We keep a stocked fridge. In some cases, remote in the EU (with occasional travel to Helsinki) can be arranged for the right candidate.

How to Apply

Apply sooner than later. This job ad will be removed when we have found the right person.

Please submit your application through our Careers page. We do not accept applications sent by mail.

For more information, you can reach out to our Head of Security & Compliance, Michael at michael (at) datacrunch.io.

Category

DevOps / Sysadmin