
Senior Security Engineer
- Hybrid
- Cairo, Al Qāhirah, Egypt
- Tech
Job description
Ready to join the fastest-growing tech company in the Netherlands?
In 2023 we received the prestigious Oryx Award 2023 by the Dutch Financial Newspaper (FD), for the company with the most exceptional growth performance. We were awarded 1st place by the Deloitte Fast 50 award in 2019 for growth and innovation, 7th place in 2020. We’ve continued our strong growth during and after Covid times, and have ambitious plans for the future. Now, we are looking for a driven and skilled Senior Security Engineer to join our team to further conceptualize and execute our growth ambition.
About Experiencegift
Experiencegift is home to Hotelgift, Flightgift, Traingift and Activitygift. Our gift cards can be redeemed for over 750,000 hotels, 400 airlines, 50,000 activities worldwide and train journeys all across Europe. We believe in experiences over things. Our mission is to enable our customers to spread joy by giving the gift of experiences that can be redeemed whenever, wherever. As we sell in over 50 countries worldwide, we’ve built a diverse team of over 50 colleagues and more than 15 nationalities. We have subsidiaries in Amsterdam, London, Athens, and New York.
The mission
You will design, build, and own our end‑to‑end security architecture—covering both traditional infrastructure and a growing portfolio of AI/ML services. That means hardening our global AWS estate, safeguarding a Linux fleet fronted by Apache httpd & Nginx, embedding AI‑assisted detections, leading regular penetration tests and red‑team exercises, and ensuring every new model or LLM feature ships with threat models, privacy guarantees, and adversarial‑robustness tests baked in.
Emerging AI Threats You’ll Confront:
Prompt‑injection & jailbreaks – attackers subvert system or developer instructions to leak data or execute unintended actions.
Model supply‑chain poisoning – malicious or trojanised checkpoints slip into CI/CD or third‑party registries
Data‑exfil hallucinations – LLMs leaking sensitive training data via crafted queries or structured probing
Adversarial examples & model evasion – subtle perturbations that flip predictions, bypassing WAF or fraud filters
Training‑time privacy attacks – membership inference, model inversion, and gradient leaks targeting private datasets
Shadow‑model cloning – competitors scrape your public API to replicate proprietary capabilities
LLM‑enabled phishing & social engineering – AI‑generated spear‑phishing that targets employees and customers
Model‑weight exfiltration – insider or remote compromise aimed at stealing costly fine‑tuned weights
What will you do?
Security architecture & design — own threat models (including AI threat trees and model‑supply‑chain diagrams), create reference architectures, publish ADRs, and set the roadmap for all preventive & detective controls across cloud, network, host, and ML layers
Secure‑by‑design engineering — codify CIS‑level hardening of Linux, Apache, and Nginx; write Terraform/OPA guardrails; automate firewall configs (iptables/nftables, Security Groups, NACLs, WAF); and establish secure MLOps baselines (model signing, provenance, policy checks)
AI‑assisted detection & response — build/maintain ML pipelines that correlate logs, traces, and telemetry, deploy LLM‑powered enrichment for SOC triage, author eBPF + graph‑ML detections, and lead blameless post‑incident reviews
Systems administration & reliability — curate Debian/Ubuntu AMIs, manage config drift with Ansible, patch kernels promptly, and keep Apache/Nginx modules current while instrumenting performance KPIs
Performance & capacity checks — use Prometheus/Grafana plus AI‑driven forecasting to predict capacity hot spots, profile slow Nginx workers, and feed findings back into architecture decisions
Model & data security governance — enforce data‑classification controls, oversee red‑teaming of LLM prompts, and champion privacy‑preserving techniques (differential privacy, RAG access controls, K‑anonymity)
Offensive security & knowledge sharing — plan and execute internal/external penetration tests, manage remediation sprints, publish runbooks, and mentor embedded security champions
What will you bring?
Residency in Egypt
7+ years securing Linux‑based production systems and web infrastructure, with at least 3 years as the primary architect of security controls
Experience shipping, securing, or red‑teaming AI/ML systems (model supply chain, prompt‑injection defenses, data governance)
Demonstrated success planning and conducting penetration tests or red‑team engagements, plus translating findings into actionable hardening steps
Expert‑level proficiency with AWS (EC2, VPC, IAM, S3, CloudFront, WAF, Bedrock/SageMaker)
Deep experience designing and automating firewall configurations (iptables/nftables, Security Groups, NACLs) and web‑application firewalls for Apache/Nginx
Hands‑on IaC (Terraform, Pulumi, CDK), config management (Ansible/Chef), and observability stacks (Prometheus, Grafana, ELK)—plus a working knowledge of data‑pipeline tooling (Kafka, Kinesis, or Flink) for AI telemetry
Ability to trace a packet from kernel space to ELB, profile an LLM‑backed API latency spike, then script the fix in Python/Bash/Go
Proven track record automating compliance controls (CIS Benchmarks, ISO 27001, SOC 2, and emerging AI‑regulation baselines such as the EU AI Act)
Clear, concise communicator—able to brief execs on architecture risk and coach engineers on hardening techniques
Fluency in English
Nice to have
OSCP/OSCE or equivalent offensive‑security certifications
Kubernetes ingress hardening (NGINX‑Ingress, Istio) and AI‑aware admission controllers
Experience with confidential computing, hardware enclaves, or homomorphic encryption for model inference
Publications or conference talks on adversarial ML or secure MLOps
Certs that show depth, not checkbox (GIAC GCSA/GSE, AWS Certified Security – Specialty)
What can you expect from us?
Opportunity for significant and fast impact
Freedom to come up with new ideas and initiatives
Lots of learning and development opportunities
Salary reflective of skills and experience and performance-based bonus potential
Pension plan
20 vacation days
High-end new laptop
Hybrid or full-remote policy
Awesome annual trip abroad with the entire company
Flexibility of working from abroad 2 weeks per year
Young, friendly, ambitious, international team in Amsterdam, Athens and London
This is a full-time job (40H/week) based in Cairo and is available as soon as possible.
At Experiencegift we offer you the opportunity to work in a scale-up culture where everything you do matters. In our office in the center of Amsterdam, you will have the freedom to experiment and evolve your own projects. You will be part of an international, driven, award-winning team and will gain experience in a very fast-growing scale-up environment. By providing a creative, dynamic, and innovative environment, we empower our people for unlimited success.
Ready to make a real impact in a thriving company? Apply directly here or visit our career page for more details. We are looking forward to meeting you!
Job requirements
Residency in Greece
7+ years securing Linux‑based production systems and web infrastructure, with at least 3 years as the primary architect of security controls
Experience shipping, securing, or red‑teaming AI/ML systems (model supply chain, prompt‑injection defenses, data governance)
Demonstrated success planning and conducting penetration tests or red‑team engagements, plus translating findings into actionable hardening steps
Expert‑level proficiency with AWS (EC2, VPC, IAM, S3, CloudFront, WAF, Bedrock/SageMaker)
Deep experience designing and automating firewall configurations (iptables/nftables, Security Groups, NACLs) and web‑application firewalls for Apache/Nginx
Hands‑on IaC (Terraform, Pulumi, CDK), config management (Ansible/Chef), and observability stacks (Prometheus, Grafana, ELK)—plus a working knowledge of data‑pipeline tooling (Kafka, Kinesis, or Flink) for AI telemetry
Ability to trace a packet from kernel space to ELB, profile an LLM‑backed API latency spike, then script the fix in Python/Bash/Go
Proven track record automating compliance controls (CIS Benchmarks, ISO 27001, SOC 2, and emerging AI‑regulation baselines such as the EU AI Act)
Clear, concise communicator—able to brief execs on architecture risk and coach engineers on hardening techniques
Fluency in English
No agencies please, we manage our recruitment processes internally.
or
All done!
Your application has been successfully submitted!