
HiQ · Stockholm
Du som vill väva in säkerhet i moderna utvecklingsflöden och se effekten hela vägen ut i produktion kommer att trivas här. Som DevSecOps Engineer på HiQ i Stock...
Du som vill väva in säkerhet i moderna utvecklingsflöden och se effekten hela vägen ut i produktion kommer att trivas här. Som
DevSecOps Engineer på HiQ i Stockholm får du kombinera webbutveckling, moln och säkerhet i uppdrag där din kompetens märks varje
dag.
Som DevSecOps Engineer hjälper du våra kunder att bygga säkra, robusta och moderna webblösningar från arkitektur till produktion.
Du arbetar med backendutveckling, CI/CD-flöden, molnplattformar, containers och ser till att säkerhet finns med i varje steg. Du
identifierar och analyserar säkerhetsrisker i webbapplikationer, genomför säkerhetsgranskningar, arkitekturanalyser och
hotmodellering och är ett naturligt bollplank för både utvecklare och beslutsfattare. I många uppdrag är du drivande i att
etablera eller stärka DevSecOps-arbetssätt så att snabba releaser och hög säkerhet går hand i hand.
säkerhet
svenska i tal och skrift, goda kunskaper i engelska samt svenskt medborgarskap
Meriterande är konsulterfarenhet och certifieringar som CSSLP, CKS, AWS eller Azure Security, CompTIA Security+ eller andra
relevanta IT säkerhetscertifieringar.
Hos oss möts säkerhet, utveckling och moderna arbetssätt i vardagen. Du arbetar i uppdrag där din kompetens gör tydlig skillnad,
tillsammans med kollegor inom utveckling, moln, arkitektur, test och säkerhet som gärna delar kodexempel, verktygstips och
erfarenheter. Vi uppmuntrar initiativ, oavsett om det handlar om att testa ett nytt verktyg i pipelinen, starta ett internt
säkerhetsnätverk eller hålla en kunskapsdelning, och du får goda möjligheter att växa genom certifieringar, kurser, konferenser
och interna forum.
Sedan 1995 har HiQ varit konsultbolaget som förenklar världen för både kunder och slutanvändare med hjälp av teknik, design och
kommunikation. Vi har alltid haft två tydliga fokus: att ha roligt på jobbet och att leverera lösningar som överträffar
förväntningarna – det är det som driver oss framåt. Som HiQare är vi stolta över en kultur som präglas av resultat, ansvar,
enkelhet och glädje. Vi tror på att arbeta tillsammans för att nå gemensamma mål och vi lägger stor vikt vid att hjälpa varandra
att växa och utvecklas. Hos oss får du inte bara möjlighet att bygga din egen kompetens, utan också chansen att lära, leda och
inspirera dina kollegor.
Just nu tankar vi energi på semestern och är därför lite långsammare på bollen än vanligt. Vi är tillbaka i början av augusti och
hör av oss då – tills dess hoppas vi att du njuter av en riktigt skön sommar! 🌞
Tech Innovation at Apotea Apotea is Sweden’s largest online pharmacy, committed to making healthcare products accessible and efficient for everyone. Our Tech department aims to redefine how AI and automation drive modern businesses — not by forcing AI into traditional workflows, but by creating AI-driven systems that give humans control, insight, and the ability to apply their expertise where it matters most. The Core Technology team builds the architectural foundation supporting e-commerce, logistics, data, AI/ML, and customer experience. We ensure all development aligns with our long-term vision and contributes to Apotea’s growth. We are now looking for a Lead Security Engineer to take full ownership of Apotea’s security strategy, ensure compliance, and enable teams to build and innovate securely at scale. The Role As Lead Security Engineer, you will define, implement, and evolve security practices across AWS (serverless-first), e-commerce, logistics, and data platforms. The role combines strategic leadership with hands-on engineering — you will implement security yourself while empowering others to do so. You will act as the first-line technical security lead, defining guardrails, monitoring risks, and leading incident response. You will develop secure practices for coding with AI assistants, ensuring generated code meets security standards, avoids data leakage, and aligns with regulations. You will also communicate complex security concepts clearly across the organization. Location: Sveavägen 168, Stockholm, Sweden (On-site) Key Responsibilities Security Leadership * Own and evolve Apotea’s security strategy across cloud, applications, and infrastructure. * Translate business and regulatory requirements into sustainable security practices. * Define guardrails, best practices, and reference implementations for teams. Hands-On Security Engineering * Design and implement secure AWS serverless and data-driven systems. * Lead IAM practices, enforcing least-privilege and zero-trust. * Oversee vulnerability management, penetration testing, and patching. * Ensure secure DevSecOps pipelines and IaC security. Monitoring & Incident Response * Build and operate monitoring, detection, and alerting systems (SIEM, EDR, GuardDuty, Security Hub). * Lead incident response: investigate, contain, and recover from security events. * Maintain and test playbooks for emerging threats. Governance & Compliance * Ensure GDPR, healthcare regulations, and industry standards compliance. * Embed security and privacy by design across development. * Partner with legal, compliance, and business units for regulatory readiness. * Provide training and frameworks for safe AI usage without compromising security. Collaboration & Culture * Work closely with engineers, architects, and product teams to integrate security early. * Mentor engineers in secure coding and infrastructure practices. * Advocate for a strong security culture. Qualifications * Extensive experience as a security engineer and organization’s main security expert. * Proven expertise in securing AWS (IAM, networking, serverless, encryption, monitoring). * Strong background in designing secure, scalable, cloud-native systems. * Hands-on experience with SIEM, EDR, vulnerability scanners, secrets management. * Deep knowledge in DevSecOps and IaC (CDK, Terraform, CloudFormation). * Programming/scripting skills: Go, TypeScript, .NET, Python, or similar. Nice to Have: experience in regulated industries, compliance frameworks (ISO 27001, NIST, PCI-DSS), or red/blue team operations. Why Join Apotea? * Stable company with a meaningful mission: improving healthcare accessibility. * Work on cutting-edge AI, ML, and automation impacting millions of customers. * Modern cloud-native technologies (serverless, AI, event-driven). * Flat, agile organization with minimal bureaucracy. * Career growth through training, mentorship, and conferences. * End-to-end project ownership from concept to deployment. * Culture of experimentation, collaboration, and innovation. About Apotea Apotea.se is Sweden’s largest online pharmacy, with the country’s broadest range of over 32,000 non-prescription items and nearly 19,000 prescription drugs for humans and animals. Recognized as Sweden’s most sustainable e-commerce company (Sustainable Brand Index 2021), we simplify everyday life for our customers with fast deliveries and expert advice. In 2024, Apotea reached a turnover of SEK 6.5 billion and currently employs about 1,000 people across Stockholm, Lidingö, and Morgongåva. Apotea is an inclusive employer that values diversity. We welcome all applicants and strive to create a work environment where people, regardless of background, gender, age, religion, or disability, can thrive and grow. Recruitment Process 1. Apply 2. Interview: Screening 3. Interview: Technical Capabilities 4. Interview: Culture Fit 5. Background Check: As a pharmacy, we always conduct a background check. 6. Offer Presented Application Do not hesitate to send in your application already today. For more information or questions, visit our career page or contact us at jobb@apotea.se. We do not accept applications via email. LinkedIn Instagram Join Us and Make a Difference - We hope you want to be a part of our team! Submit your application today—interviews are conducted on an ongoing basis, and the position may be filled immediately. Start date by agreement. Welcome to Apotea – where technology meets health and creates magic!
Natural Cycles° is a leading women’s health company that developed the world’s first birth control app, used by millions globally. We are a fast growing startup, and we promote an international working environment filled with smart and ambitious colleagues based in Stockholm, Geneva, New York, and remotely. Our mission is to pioneer women’s health through research and passion, empowering every woman with the knowledge she needs to take charge of her health. We are looking for a Security & Infrastructure Engineer to build and maintain secure tooling, integrations and infrastructure that helps Natural Cycles move fast while managing risk. The role develops internal tools, performs security reviews and security testing, improves monitoring of employee and AI-agent activity, enables teams to prototype internal tools and AI integrations safely, and turns cybersecurity and regulatory requirements into practical controls. Please note that we are hiring for this role in Sweden. What you will be doing * Develop integrations, such as Slackbots and internal assistants, to improve Infrastructure and Security workflows. * Build and maintain infrastructure that enables safe internal experimentation with POCs, helper apps, AI integrations, and automations. * Improve monitoring and detection of employee and AI-agent activity, including risks such as shadow IT, unsafe integrations, excessive permissions, and data exposure. * Protect company resources in a risk-based way according to their criticality, sensitivity, and regulatory relevance. * Use AI tools, mainly Claude, to rapidly develop code, infrastructure as code, automations, security tooling, and documentation. * Translate cybersecurity requirements, including NIS2 and medical device security expectations, into practical engineering work. * Perform security reviews, simpler penetration tests, threat modelling, and risk assessments for internal applications, integrations, and infrastructure changes. * Work independently and proactively while staying aligned with company priorities and risk appetite. What skills and experience we think you have * Strong hands-on experience with software development, infrastructure and cloud platforms. * Ability to build internal tools, automations, AI integrations, and infrastructure components using modern engineering practices. * Comfortable using AI coding assistants, especially Claude or similar tools, while maintaining quality, security, and review discipline. * Basic understanding of identity and access management, logging, monitoring, secrets management, and secure system design. * Ability to assess technical and business risk, prioritise mitigations, and document decisions clearly. * Ability to work independently in ambiguous situations while seeking alignment when needed. * Nice to have: * Practical cybersecurity experience, including security reviews, risk assessments, threat modelling, vulnerability assessment, or penetration testing. * Familiarity with compliance-driven environments and willingness to work with NIS2, medical device security, and quality-system requirements. * DevOps, platform engineering, or infrastructure as code. What we offer * Flexible work arrangement - you will be part of a team based in and around Stockholm that values effective collaboration and transparent communication, irrespective of work location * Professional development - you will work alongside knowledgeable colleagues in the continuous growth and skill enhancement environment * Modern technology - you will leverage innovative technologies and tools, within an environment that empowers you to contribute ideas and take ownership of your work * Impactful projects - you will contribute to groundbreaking projects that redefine industry standards and create tangible value * Commitment to quality - you will join a dynamic and progressive organization that prioritizes profitable, long-term product development Location We are remote-friendly, but we find great value in being able to connect with our teams in person. Most of the team you will work with is located in Sweden. Sounds interesting? If you want to be part of a successful team, we encourage you to apply for this position as soon as possible. We look forward to hearing from you! How to apply To apply, just upload your CV and answer the questions on the application form. Keep in mind that we can't accept applications through email because of GDPR, and only applications submitted via the career site (and in English) will be considered. At Natural Cycles we value diversity and inclusion because we know that teams with people from different backgrounds and experiences are stronger. We welcome candidates from all walks of life and are committed to creating an inclusive environment for all employees and candidates. Note: We are not looking for consultants or help from recruitment agencies
WE'RE LOOKING FOR SOMEONE WHO LEADS AND SETS TECHNICAL DIRECTION IN EQUAL MEASURE. SOMEONE WHO CAN MAKE HARD CALLS, NAVIGATE BUSINESS TRADE-OFFS, AND STILL WALK INTO A ROOM AND HAVE A GENUINELY USEFUL CONVERSATION ABOUT ARCHITECTURE, CREDIT DECISIONING, OR HOW AI IS CHANGING THE WAY GREAT ENGINEERING TEAMS WORK. THAT COMBINATION IS RARE. THAT'S WHY WE'RE WRITING THIS. FEW COMPANIES AT THIS STAGE HAVE THIS MUCH COOL STUFF AHEAD OF THEM. ---------------------------------------------------------------------------------------------------------------------------------- THE FOUNDATION IS BUILT. THE REAL EXPANSION STARTS NOW. We've already helped a lot of people in debt take back control of their finances. But we're moving to a much larger scale, extending the journey toward lasting financial stability and wellbeing for more people across Europe. We're profitable. We're regulated as a kreditmarknadsbolag, a licence that lets us operate across the entire EU. Germany is growing fast and Sweden and Finland is strong markets. Our 2030 ambition is to be a pan-European company. That future is genuinely exciting and not fully written yet. The team is small and intentionally so. We're not trying to build a massive organisation. We'd rather have fewer people who want to do the exceptional and sometimes the unthinkable. People who trust each other, move fast and care about doing things properly. That's the culture we've built and it's something we're protective of. AI is a big part of how we work. Not just as a strategy, but something that's lived and breathed across engineering, analytics, operations and product development. We're building internal tooling on frontier models and we believe the way strong product and engineering organisations operate is changing quickly. This role requires someone who genuinely believes that too. ---------------------------------------------------------------------------------------------------------------------------------- WHAT THE ROLE ACTUALLY IS You'll own the full technology function. That means setting direction, building the team, making trade-offs between speed and quality, and being a real contributor in leadership discussions about the business, not just the technical ones. This role is inherently cross-functional. The CTO's scope isn't tech alone, it's how technology creates value across every part of the business. How engineering decisions shape customer behaviour and the product experience. How technical choices affect our ability to expand, comply, and compete. We don't really think of "the business" and "tech" as separate conversations. You'll be close to the work. Not because we expect you to write production code every day, but because we think good technical leadership requires genuine proximity. Something that's just lived and breathed, not performed. You must be the kind of person who finds that energising rather than beneath them. The problems ahead of us are not just engineering problems. They're business problems, AI problems, regulatory problems and organisational problems at the same time. Credit decisioning across markets. Payments infrastructure. Scaling internationally. Multilingual AI systems. Understanding how customers actually behave and interact with financial products. Building a team that stays strong as we grow. You'll need to hold all of that. ---------------------------------------------------------------------------------------------------------------------------------- WHAT WE THINK MATTERS You've been here before. You've sat in a leadership team, made decisions that affected the whole business and have managed other leaders. You've scaled an organisation from scrappy to structured, without losing what made it good. If your experience is primarily hands-on engineering management, this probably isn't the right next step. You've scaled a modern B2C product company in fintech, lending, payments or another regulated financial environment where product, risk and engineering constantly influence each other. You understand the business well enough to have a real opinion in any room, not just the technical ones. You lead well. Not in a "strong leader" the LinkedIn way. People actually want to work for you and with you. You make decisions, give direction, and create clarity without creating politics. You understand systems, trade-offs and leverage. You're comfortable making difficult calls with incomplete information and you don't need the picture to be fully clear before you act. You care about impact. Not just shipping things but actually moving the needle for customers and the business. You know what good looks like and it bothers you when things aren't and you don't really know how to turn that off. That's just how you're wired. And you're genuinely excited by AI. Not just following the discourse, but actually building with it, thinking about it, and probably annoying people at dinner parties with it. You're the person who can't stop thinking about what it changes. For products, for engineering teams, for financial services, and probably for a lot of other things too. ---------------------------------------------------------------------------------------------------------------------------------- Technically, we work with TypeScript, Python, Go, GraphQL, React Native, Kubernetes, BigQuery and GCP. The stack matters less than the judgment you bring to it. This role is based in Stockholm. We're at a stage where leadership needs to be embedded, close to the teams and part of how the culture develops. That's not negotiable, but we think if this role is right for you, it won't feel like a compromise. We offer a competitive salary and meaningful equity. This is real skin in the game, we're profitable and growing, and we want you to feel that. If this sounds like the kind of problem you want to work on, we'd like to hear from you.