
Tacton Systems AB · Stockholm
About the Role We are looking for a Security & Compliance Engineer to help ensure security across our internal digital landscape. Reporting to Tacton’s Security...
About the Role
We are looking for a Security & Compliance Engineer to help ensure security across our internal digital landscape. Reporting to Tacton’s Security & Compliance Manager, you will play a key role in ensuring that our systems, integrations, data flows, and vendor ecosystem are secure by design and in operation.
This role focuses on internal systems and corporate security architecture, including infrastructure, integrations, and third-party services. You will combine architectural thinking with hands-on expertise and act as a trusted partner to IT, Engineering, and business stakeholders.
You will have a direct impact on how we design, connect, and secure our systems as we continue to grow globally. This is a high-impact role for someone who understands modern digital environments and how to secure them end-to-end.
What You Will Do Internal Security & Risk
Lead security assessments of systems, integrations, and data flows
Conduct technical risk analyses for system implementations and vendor onboarding
Perform threat modelling and security reviews
Define and implement security requirements for infrastructure and cloud environments
Help establish and maintain security guardrails across identity, access, encryption, and integrations
Proficiency in risk management
Knowledge of emerging cybersecurity threats and trends
Vendor & Third-Party Security
Define and enforce security requirements in procurement processes
Conduct supplier security assessments and due diligence
Evaluate third-party risks from a cybersecurity perspective
Governance & Compliance
Maintain alignment with ISO 27001 and SOC 2 Type II
Contribute to policies, standards, and security guidelines
Support incident investigations
Act as a subject matter expert in audits and internal forums
What Will Help You Thrive
5+ years of experience in cybersecurity, information security, or a related field
Strong technical foundation in cloud, networking, identity & access management, and system integrations
Strong communication and stakeholder management skills
Experience conducting technical risk assessments and security reviews
Familiarity with ISO 27001 and SOC 2 Type II
Ability to understand complex system landscapes and data flows
Comfortable working cross-functionally with IT, Engineering, and Legal
Certifications such as CISSP, CISM, or CISA are a plus
Degree in Computer Science, Engineering, or a related field
Who We’re Looking For We’re looking for someone with a strong hands-on, doer mentality who is focused on getting things done and creating real impact. You are pragmatic, prestigeless, and motivated by outcomes. You thrive in dynamic environments where responsibilities are broad, and you feel comfortable navigating uncertainty and solving problems independently. You are curious by nature, proactive in your approach, and continuously looking to learn and improve both yourself and the way things are done.
Why Tacton?
At Tacton, we’ve been building CPQ software for over 20 years. We’re a stable company with global customers and a product that’s central to how manufacturers sell
We offer competitive benefits, flexibility in how we work, and a culture that values learning and collaboration
A solid and stable company with over 20 years of industry experience.
Flexible hybrid setup - 3x a week at the office
33 days of paid time off – 30 vacation days plus 3 extra to make sure you get the rest you deserve.
Premium occupational pension – Our pension plan goes beyond ITP1, with higher employer contributions depending on your age and salary level.
Generous wellness allowance – 5,000 SEK annually to support your health and wellbeing.
Private healthcare insurance – Skip the waiting lines and get quick access to private medical care, including specialist consultations and treatments.
Parental leave top-up – We top up your parental leave so you receive up to 90% of your base salary for up to 6 months, helping you focus on your family without financial stress
Weekly treats – Fika one week, breakfast the next, because good food brings people together.
This role is based in Stockholm, where we have invested in creating our unique home right next to Hötorget station.
Tacton is a leading Software as a Service company trusted by global manufacturers. We got started in the late 1990s when six computer scientists figured out a revolutionary way to help Manufacturers overcome their most business-critical, product configuration challenges. Since those early days, we have grown to support global manufacturers seeking to thrive in a changing world.
We invite you to find out more about us @ www.tacton.com/about
TL;DR We’re looking for a Compliance Engineer who can turn regulatory requirements and security/privacy requirements into scalable engineering solutions. Why Lovable? Lovable lets anyone and everyone build software with any language. From solopreneurs to Fortune 100 teams, millions of people use Lovable to transform raw ideas into real products - fast. We are at the forefront of a foundational shift in software creation, which means you have an unprecedented opportunity to change the way the digital world works. Over 2 million people in 200+ countries already use Lovable to launch businesses, automate work, and bring their ideas to life. And we're just getting started. We're a small, talent-dense team building a generation-defining company from Stockholm. We value extreme ownership, high velocity, and low-ego collaboration. We seek out people who care deeply, ship fast, and are eager to make a dent in the world. What We're Looking For An engineer who has built compliance controls from the ground up. Experience with SOC 2, ISO 27001, GDPR, or similar frameworks. Strong architectural understanding and hands-on experience of common cloud infrastructures. Ability to automate compliance controls using code, scripts, or infrastructure tooling. A collaborative mindset - comfortable working with engineering teams and non-technical stakeholders like legal and marketing alike. What You'll Do In one sentence: Design compliance-by-design systems, automate controls and monitoring, and work cross-functionally to turn regulatory and business requirements into scalable technical solutions for secure data, privacy, and responsible AI. Design and implement compliance-by-design systems across our infrastructure that people actually want to use. Automate compliance controls and monitoring using modern tooling. Work closely with engineering teams to ensure systems meet SOC 2, ISO 27001, GDPR, and emerging AI regulations. Partner with sales, product, platform, and legal teams to translate requirements and needs into technical implementations. Help shape the architecture around data handling, privacy, and responsible AI. Our tech stack We're building with tools that both humans and AI love: Frontend: React Backend: Golang and Rust Cloud: Cloudflare, GCP, AWS, Many LLM providers DevOps & Tooling: Github Actions, Grafana, OTEL, infra-as-code (Terraform) And always on the lookout for what's next! About Your Application Please submit your application in English. It's our company language, so you'll be speaking lots of it if you join. We treat all candidates equally - if you're interested, please apply through our careers portal.
Security Operations Engineer We are now hiring for a Security Operations Engineer to join our Security team. This team drives the security programs within the business, with a heavy focus on people, processes, and automation of services. Kambi is looking for someone who wants to encourage and foster a culture of security awareness and regulatory compliance by making it easy for those less knowledgeable to Do It Right. About the Security team: You would be implementing technologies for vulnerability management, authentication and identity management, and creating security with automation. A focus for our team is to create paved roads for Development and Operations teams, to ensure they can easily secure their applications and maintain security throughout the organization. The Security Operations team also responds to incoming security threats and incidents. We provide expert security knowledge to the wider organisation. We use automation tools like Puppet, Ansible and Terraform, and work in a diverse environment with physical and virtual machines, as well as containerized workloads both on-prem and in AWS. About you: We will be very happy if you have commercial industry experience working in a security team, in either offensive or defensive roles. Additionally, previous experience working with Linux or AWS is needed, and it's a huge bonus if you have spent time working with actively with security in these areas. Prior experience with identity and authentication systems for web and Linux integrations are valued. We'd love if you were investigative, curious and passionate about security and privacy. What's in it for you? Help to secure people, every day Opportunity to work in a successful and fast-growing company A fun, flexible and Agile working culture Ability to directly influence your and your teams' work environment and processes International work environment Opportunities to travel Security Engineer I Security Operations Engineer I Cyber Security Engineer I DevSecOps Engineer I Security Consultant #wearekambi
Job Description Join our Cyber Security Engineering unit, where innovation and security drive us. We are transforming technology with modern Network Security, integrations and cloud services. We are looking for a highly skilled and experienced Senior Cyber Security Engineer to join our Network Security Engineering team. This role involves architecting, designing, implementing, and maintaining robust security measures to protect our global network infrastructure. The ideal candidate will blend theoretical knowledge with hands-on expertise. This role requires a deep understanding of cybersecurity principles, Network Security technologies, and the ability to collaborate across multiple globally dispersed stakeholders and teams. WHAT YOU’LL DO Lead the development, optimization and integration of network security policies, rules and monitoring across platforms such as NDR, SSE, SD‑WAN and proxy solutions Design and improve network security solutions across branches, stores and data centers, ensuring strong alignment with business and security needs Conduct security architecture reviews, risk assessments and threat modelling, and drive hardening initiatives across our network landscape Modernize network security by transitioning from legacy systems to modern SSE and ZTNA solutions, supported by clear roadmaps, policies and plans Monitor and enhance the performance, availability and reliability of network security solutions, ensuring compliance with ISO, NIST, GDPR and internal standards Design, configure and troubleshoot network security devices and services across on‑prem and cloud environments, providing advanced Level‑3 support when needed WHO YOU'LL WORK WITH You’ll join a friendly and collaborative Network Security Engineering team of seven, soon to be eight, working closely with colleagues across Business Tech. Your daily partners will include network SMEs, Cyber Security Advisors, Core Platforms and Global Infrastructure Services, as well as teams supporting stores, warehouses and new market entries. You’ll also connect with external partners and contribute to cross‑functional projects where network and cyber security come together. This is a highly collaborative environment where your expertise will help shape our security posture and uplift the team’s cyber maturity. WHO YOU ARE 6+ years of experience in cybersecurity engineering, with a focus on network environments Strong, practical knowledge of: Network security technologies (firewalls, IDS/IPS, SWG, SASE, VPN, CASB, ZTNA), Cloud platforms: Azure, GCP, Security architecture methodologies and governance frameworks Expertise in network security solutions and products provided by Cisco, HP Aruba, Zscaler and Citrix NetScaler (proven by certificates) Strong knowledge of risk assessment and security control frameworks (ISO 27001, NIST). Familiarity with security maturity models including C2M2 Excellent ability to translate security requirements into implementable engineering solutions. Strong understanding of IP networking and protocols, including IPsec, HSRP, BGP, OSPF, 802.11, and QoS. Understand regulatory and compliance requirements (GDPR, PCI-DSS, Schrems, etc.). Independent problem-solving, addressing complex security challenges with minimal supervision. Preferred qualifications: CCNP (Security) or higher-level certifications such as the CCIE. CISSP or OSCP security certifications. Azure Security Engineer, or GCP Security Engineer certification. Experience with Agile methodologies and tools (e.g., Jira/Confluence) WHO WE ARE H&M is a fashion brand that offers the latest styles and inspiration, from fashion pieces and unique designer collaborations to affordable wardrobe essentials. Our business idea is fashion & quality at the best price in a sustainable way. Learn more about H&M here. WHY YOU’LL LOVE WORKING HERE Benefits All our employees are included in our H&M Incentive Program (HIP) All our employees receive a staff discount card, which is usable on all our H&M Group brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET. Work-life balance, 30 days’ vacation and wellness allowance 4000 SEK/yearly Access to Benify, for discounts on e.g. Gym memberships, travel, hotels and many other great deals. Compensation boost during parental leave In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment type and countries. Inclusion & Diversity H&M is a part of H&M Group. At H&M Group, we’re determined to create and maintain inclusive, diverse and equitable workplaces throughout our organization. Our teams should consist of a variety of people that share and combine their knowledge, experience and ideas. Having a diverse workforce leads to a positive impact on how we address challenges, on what we perceive possible and on how we choose to relate to our colleagues and customers all over the world. Hence all diversity dimensions are taken into consideration in our recruitment process. We are committed to a recruitment process that is fair, equitable, and based on competency. We therefore kindly ask you to not attach a cover letter in your application.