Listing Description

Gelato Technology

We own no physical production assets, nor servers, instead our asset is a cloud based connectivity platform that enables world-class on-demand production for e-commerce platforms and applications. This engineered platform needs to provide our customers access to more than 130 production partners in 32 countries and includes production plate design, routing to an appropriate partner, finally linking to logistics’ systems for delivery to the consumer. All this in 72 hours and reaching more than 5 billion people and potential consumers in a smarter, faster, and greener way.

Imagine a seamless production platform that empowers our B2C, B2B, and SaaS customers  to innovate with speed, security, and boundless scalability. At the heart of this vision stands our Platform Team, committed to delivering an exceptional cloud-native foundation that fuels Gelato's engineering prowess.

Our mission is to empower Gelato's engineering teams with world-class infrastructure that pioneers new frontiers in accelerating delivery and optimizing our production platform. This mission encompasses critical facets of our platform: rock-solid reliability, visionary systems for observability, agile deployment strategies and the cutting-edge realms of DevOps, DevSecOps, and FinOps.

The position

Following our global expansion, we are looking for a passionate Information Security  Engineer to join our effort of protecting Gelato and, most importantly, our customer's data.

We are looking for people who want to make the Gelato platform safer for millions of users around the world. We’d love to talk to you if you’re a talented individual who is passionate about finding security weaknesses and crafting scalable and usable solutions. We are enablers who make it easier for engineers to create secure features, not blockers.

Reporting directly to the VP of Information Security, you will work closely with Product Managers and Tech Engineers.

What you'll be doing

• Collaborate closely with Product Design and Software Engineering to align with security features, roadmaps and ensure timely delivery.


• Identify vulnerabilities and develop innovative, scalable solutions to enhance our defense-in-depth strategy. This involves conducting vulnerability scans, penetration testing, and source code reviews.


• Promote a security-conscious culture by educating all Gelato employees on security best practices. Offer input on secure system design and conduct code reviews to help engineers create robust solutions.


• Monitor and respond to security incidents, including the investigation of potential threats.


• Define and enhance measurements of security risk, effectively communicate these risks to senior leadership, and influence remediation plans.


• Ensure DR&BC plans and solutions are in place and kept up-to-date.

Who you are

• A degree (Master’s is a plus) in Computer Science, a similar technical field of study, or equivalent practical experience


• 3+ years experience in security engineering or a related discipline.


• Good understanding of implementation requirements for  ISO27001 and/or SOC-2


• Experience designing and implementing production services, APIs, or security-specific libraries.


• Familiarity with cloud solutions, including AWS and GCP, and prior experience with tools like Cloudflare, ELK stack, and Burpsuite Professional, as well as scripting and programming skills, are advantageous.


• Strong strategic thinking, planning, and organizational skills.


• Fluency in English with excellent verbal and written communication abilities is a mandatory requirement.


• Hands-on certifications (such as OS*, CREST, etc) are considered a plus.

To be successful in this role, you will need to have a start-up mentality. You are committed to excelling with energy and endurance, while you understand that building a company is very hard, but that is what you want to achieve. You have superior communication skills, excellent interpersonal skills, high integrity, and great attention to detail. You are a natural and comfortable leader and have excellent problem-solving, organizational, and analytical skills. You are interested in keeping up with current best practices in your areas of expertise. You are a self-starter with the ability to excel with little to no direction. You are naturally curious. You have the ability to think creatively and holistically about reducing risk in a complex environment.

You will probably have a background in network administration, DevSecOps, or have worked as a programmer in the past. On top of this, you spent 3 or more years in a role focusing on Information Security, having performed security administration such as account management and/or firewall implementation, managing IDS/IPS, implementation of SIEM solutions and so forth, ethical hacking, or forensics and security investigations.