Staff Security Platform Engineer

We believe conversations will become the #1 way to shop.

At Gorgias were building the platform that makes this real: a unified AI agent that sells supports and re-engages customers across the entire journey. Conversational Commerce is the future of ecommerce and were leading that shift.

Our mission is to turn every interaction between a brand and its customers into a relationship: personal seamless and intelligent. By combining deep product expertise with the latest in AI were making shopping feel more natural human and connected than ever before.

To win we focus relentlessly on:

• Quality: conversations that feel authentic and on-brand.

• Experience: effortless shopping from chat to checkout.

• Re-engagement: personal 1-1 dialogue instead of noisy marketing.

The opportunity is massive. As AI reshapes how people buy Gorgias is building the foundation for the next decade of ecommerce where every brand has its own intelligent agent and every customer feels understood.

Join us to make Conversational Commerce real.

About the role

As a Gorgias Platform Security Engineer you will contribute to our security program working directly with our SRE team and engineering leadership.

You will implement and manage essential security tools and processes with a particular focus on ensuring resilience against potential external threats and attacks.

This role will be critical in setting up proactive security measures and responding to incidents making a tangible impact on Gorgias ability to meet enterprise-grade security standards.

What you will do

Platform & cloud security

• Own cloud and Kubernetes security IAM RBAC network policies workload identity and GKE hardening across 10 global clusters

• Design secure-by-default platforms build guardrails and policy enforcement (OPA Kyverno or similar) that guide teams without blocking them

• Harden CI/CD and IaC pipelines secure GitHub Actions ArgoCD and Terraform workflows end-to-end

• Lead secrets management design and implement decoupled secrets architecture so credentials never live in deploys or repos

• Strengthen networking fundamentals VPC design peering cross-cloud connectivity and zero-trust segmentation

Detection & response

• Build security-focused logging and monitoring design the observability layer that actually catches threats not just collects noise

• Implement runtime detection IDS file integrity monitoring and behavioral anomaly detection across GKE workloads

• Develop incident response playbooks practical tested runbooks for common incident types; own the response process end-to-end

• Manage and evolve the SIEM drive meaningful signal-to-noise improvements and build automated mitigation where it matters

Auth & identity

• Design and enforce strong auth standards across internal tools APIs and customer-facing surfaces

• Audit and mature privileged access management ensure least-privilege is real not theoretical

Compliance & enterprise enablement

• Own the ongoing health of SOC 2 Type II keep controls tight between audits not just before them

• Drive the next compliance milestones ISO 27001 and data protection (PII GDPR) as we expand enterprise and global reach

About you:

• 5 years in infrastructure security cloud security or security engineering ideally in a high-growth SaaS environment

• Deep GCP and Kubernetes expertise GKE workload identity network policies RBAC; you know where the bodies are buried

• Strong networking fundamentals VPC design peering firewall architecture zero-trust networking

• Hands-on CI/CD and IaC hardening GitHub Actions ArgoCD Terraform security patterns

• Auth expertise OAuth 2.0 OIDC SAML; you can design and audit identity flows not just enable SSO

• Policy-as-code experience OPA Kyverno or equivalent; guardrails at the platform layer

• Detection and response background SIEM IDS runtime security tools and experience writing real runbooks

• Compliance experience SOC 2 (Type II preferred) ISO 27001 GDPR/PII data protection

• Scripting fluency Python Go Bash for automation tooling and incident response scripts

Our Stack

Youll be working closely with our SRE team a group of experienced engineers who are building and maintaining:

• Multi-TB Postgres clusters

• RabbitMQ and Redis with tens of thousands of operations per second

• 10 full-featured GKE clusters globally with over 15k tenants

• A new stack of Kafka Debezium and Apache Flink

• Github Actions CI and ArgoCD for scalable deployment strategies

• Best practices around Kubernetes/Helm/Operators SLIs/SLOs Incident Management Observability Security and Disaster Recovery

AI at Gorgias
At Gorgias AI is a natural extension of how we work and build. Our teams use it every day to research write analyze code and craft better customer experiences. Everyone has access to premium AI tools (ChatGPT Claude Granola & others) and an annual L&D budget to explore new ones.

The real magic happens when we share what we learn. Our #powerup Slack channel is a digital petri dish of new tools and workflows and each team has AI champions who showcase fresh ideas during weekly company-wide standups now practically AI demo sessions.

We see AI not as a replacement for creativity or empathy but as a multiplier helping us move faster think deeper and serve customers better.

AI use in Recruiting at Gorgias
By submitting your application you agree that Gorgias may collect and process your personal data for recruiting workforce planning and related purposes. For more information about how we process your data and your rights please refer to our Applicant Privacy Policy.

Diversity & Inclusion at Gorgias
Were committed to creating an inclusive environment where everyone can thrive. We welcome applicants from all backgrounds experiences and perspectives because diverse teams drive innovation and better decision-making.

If you need accommodations during the application or interview process please contact us at .

Required Experience:

Staff IC