Skip to content

Senior Security Engineer

  • Hybrid
    • Cairo, Al Qāhirah, Egypt
  • Tech

Job description

Ready to join the fastest-growing tech company in the Netherlands?

In 2023 we received the prestigious Oryx Award 2023 by the Dutch Financial Newspaper (FD), for the company with the most exceptional growth performance. We were awarded 1st place by the Deloitte Fast 50 award in 2019 for growth and innovation, 7th place in 2020. We’ve continued our strong growth during and after Covid times, and have ambitious plans for the future. Now, we are looking for a driven and skilled Senior Security Engineer to join our  team to further conceptualize and execute our growth ambition.

About Experiencegift

Experiencegift is home to Hotelgift, Flightgift, Traingift and Activitygift. Our gift cards can be redeemed for over 750,000 hotels, 400 airlines, 50,000 activities worldwide and train journeys all across Europe. We believe in experiences over things. Our mission is to enable our customers to spread joy by giving the gift of experiences that can be redeemed whenever, wherever. As we sell in over 50 countries worldwide, we’ve built a diverse team of over 50 colleagues and more than 15 nationalities. We have subsidiaries in Amsterdam, London, Athens, and New York.

The mission

You will design, build, and own our end‑to‑end security architecture—covering both traditional infrastructure and a growing portfolio of AI/ML services. That means hardening our global AWS estate, safeguarding a Linux fleet fronted by Apache httpd & Nginx, embedding AI‑assisted detections, leading regular penetration tests and red‑team exercises, and ensuring every new model or LLM feature ships with threat models, privacy guarantees, and adversarial‑robustness tests baked in.

Emerging AI Threats You’ll Confront:

  • Prompt‑injection & jailbreaks – attackers subvert system or developer instructions to leak data or execute unintended actions.

  • Model supply‑chain poisoning – malicious or trojanised checkpoints slip into CI/CD or third‑party registries

  • Data‑exfil hallucinations – LLMs leaking sensitive training data via crafted queries or structured probing

  •  Adversarial examples & model evasion – subtle perturbations that flip predictions, bypassing WAF or fraud filters

  • Training‑time privacy attacks – membership inference, model inversion, and gradient leaks targeting private datasets

  • Shadow‑model cloning – competitors scrape your public API to replicate proprietary capabilities

  • LLM‑enabled phishing & social engineering – AI‑generated spear‑phishing that targets employees and customers

  • Model‑weight exfiltration – insider or remote compromise aimed at stealing costly fine‑tuned weights

What will you do? 

  • Security architecture & design — own threat models (including AI threat trees and model‑supply‑chain diagrams), create reference architectures, publish ADRs, and set the roadmap for all preventive & detective controls across cloud, network, host, and ML layers

  • Secure‑by‑design engineering — codify CIS‑level hardening of Linux, Apache, and Nginx; write Terraform/OPA guardrails; automate firewall configs (iptables/nftables, Security Groups, NACLs, WAF); and establish secure MLOps baselines (model signing, provenance, policy checks)

  •  AI‑assisted detection & response — build/maintain ML pipelines that correlate logs, traces, and telemetry, deploy LLM‑powered enrichment for SOC triage, author eBPF + graph‑ML detections, and lead blameless post‑incident reviews

  • Systems administration & reliability — curate Debian/Ubuntu AMIs, manage config drift with Ansible, patch kernels promptly, and keep Apache/Nginx modules current while instrumenting performance KPIs

  • Performance & capacity checks — use Prometheus/Grafana plus AI‑driven forecasting to predict capacity hot spots, profile slow Nginx workers, and feed findings back into architecture decisions

  • Model & data security governance — enforce data‑classification controls, oversee red‑teaming of LLM prompts, and champion privacy‑preserving techniques (differential privacy, RAG access controls, K‑anonymity)

  • Offensive security & knowledge sharing — plan and execute internal/external penetration tests, manage remediation sprints, publish runbooks, and mentor embedded security champions

What will you bring?

  • Residency in Egypt

  • 7+ years securing Linux‑based production systems and web infrastructure, with at least 3 years as the primary architect of security controls 

  • Experience shipping, securing, or red‑teaming AI/ML systems (model supply chain, prompt‑injection defenses, data governance)

  • Demonstrated success planning and conducting penetration tests or red‑team engagements, plus translating findings into actionable hardening steps

  • Expert‑level proficiency with AWS (EC2, VPC, IAM, S3, CloudFront, WAF, Bedrock/SageMaker)

  • Deep experience designing and automating firewall configurations (iptables/nftables, Security Groups, NACLs) and web‑application firewalls for Apache/Nginx

  • Hands‑on IaC (Terraform, Pulumi, CDK), config management (Ansible/Chef), and observability stacks (Prometheus, Grafana, ELK)—plus a working knowledge of data‑pipeline tooling (Kafka, Kinesis, or Flink) for AI telemetry

  • Ability to trace a packet from kernel space to ELB, profile an LLM‑backed API latency spike, then script the fix in Python/Bash/Go

  •  Proven track record automating compliance controls (CIS Benchmarks, ISO 27001, SOC 2, and emerging AI‑regulation baselines such as the EU AI Act)

  • Clear, concise communicator—able to brief execs on architecture risk and coach engineers on hardening techniques

  • Fluency in English

Nice to have

  • OSCP/OSCE or equivalent offensive‑security certifications

  • Kubernetes ingress hardening (NGINX‑Ingress, Istio) and AI‑aware admission controllers

  • Experience with confidential computing, hardware enclaves, or homomorphic encryption for model inference

  • Publications or conference talks on adversarial ML or secure MLOps

  • Certs that show depth, not checkbox (GIAC GCSA/GSE, AWS Certified Security – Specialty)

What can you expect from us?

  • Opportunity for significant and fast impact

  • Freedom to come up with new ideas and initiatives

  • Lots of learning and development opportunities

  • Salary reflective of skills and experience and performance-based bonus potential

  • Pension plan

  • 20 vacation days

  • High-end new laptop

  • Hybrid or full-remote policy

  • Awesome annual trip abroad with the entire company

  • Flexibility of working from abroad 2 weeks per year

  •  Young, friendly, ambitious, international team in Amsterdam, Athens and London

This is a full-time job (40H/week) based in Cairo and is available as soon as possible. 

At Experiencegift we offer you the opportunity to work in a scale-up culture where everything you do matters. In our office in the center of Amsterdam, you will have the freedom to experiment and evolve your own projects. You will be part of an international, driven, award-winning team and will gain experience in a very fast-growing scale-up environment. By providing a creative, dynamic, and innovative environment, we empower our people for unlimited success.

Ready to make a real impact in a thriving company? Apply directly here or visit our career page for more details. We are looking forward to meeting you!

Job requirements

  • Residency in Greece

  • 7+ years securing Linux‑based production systems and web infrastructure, with at least 3 years as the primary architect of security controls 

  • Experience shipping, securing, or red‑teaming AI/ML systems (model supply chain, prompt‑injection defenses, data governance)

  • Demonstrated success planning and conducting penetration tests or red‑team engagements, plus translating findings into actionable hardening steps

  • Expert‑level proficiency with AWS (EC2, VPC, IAM, S3, CloudFront, WAF, Bedrock/SageMaker)

  • Deep experience designing and automating firewall configurations (iptables/nftables, Security Groups, NACLs) and web‑application firewalls for Apache/Nginx

  • Hands‑on IaC (Terraform, Pulumi, CDK), config management (Ansible/Chef), and observability stacks (Prometheus, Grafana, ELK)—plus a working knowledge of data‑pipeline tooling (Kafka, Kinesis, or Flink) for AI telemetry

  • Ability to trace a packet from kernel space to ELB, profile an LLM‑backed API latency spike, then script the fix in Python/Bash/Go

  •  Proven track record automating compliance controls (CIS Benchmarks, ISO 27001, SOC 2, and emerging AI‑regulation baselines such as the EU AI Act)

  • Clear, concise communicator—able to brief execs on architecture risk and coach engineers on hardening techniques

  • Fluency in English

No agencies please, we manage our recruitment processes internally.

or

Experiencegift logoHomepage