
Masabi · Romania
About Us_ // At Masabi, we’re driving the fare payment revolution, powering the journeys of millions all over the world. We build fare collection platforms that...
About Us_
// At Masabi, we’re driving the fare payment revolution, powering the journeys of millions all over the world. We build fare
collection platforms that allow riders to seamlessly buy and present tickets for public transport either on their mobile phones,
from a ticket machine, or even by tapping their bank card to travel.
Our Justride platform is used in over 250 locations globally, including some of the largest cities in the world. With our
industry-first mobile ticketing SDK, we’ve partnered with large players in the transport space, including Uber, Moovit and
Transit.
Your own journey is important to us too. Choosing a role here means joining a network of innovators from all walks of life; a
group of passionate individuals who consistently deliver. Here, you’ll find the tools you need to build the career you want.
Whether you’re taking the direct route or trying a new path, we’ll support you no matter what.
// At Masabi, we’re building technology that makes public transport simpler, fairer and more accessible for millions of people.
That only works if our platform is secure, trusted and reliable.
As our Head of Security & Compliance, you’ll step into a role that is central to how we build trust with our customers and scale
as a global SaaS business.
You’ll own security and compliance end to end, shaping how we approach it as a company and how it works in practice day to day.
You’ll lead a small team, bringing clarity, focus and direction as you build on solid foundations and evolve this area alongside
the business.
In the near term, you’ll focus on understanding where we are today, strengthening our approach to key areas like audits and
compliance, and helping teams move forward with confidence. You’ll work closely with Engineering, Product and Legal to turn
requirements into practical, well-executed outcomes.
This is a senior role where you’ll stay close to the work, especially in the early stages. Over time, you’ll shape a more
structured and scalable function, helping Masabi stay ahead of evolving standards and make thoughtful decisions around risk.
// This role is available in a fully remote model for candidates based in Romania
effectively
additional standards such as ISO 27017 and ISO 27018
requests
is needed
regulatory demand
Careers at Masabi are for people going places - driven by a mission to make transit fair and accessible for all.
// We are a network of innovators from all walks of life, passionate about making a difference. At Masabi, we operate with
openness and trust, creating an environment where everyone feels empowered to bring their whole, authentic selves to work.
Whoever you are, just be yourself.
// We welcome applications from underrepresented groups, including disabled and neurodivergent people, and can make adjustments at
any stage of the process. You’re also welcome to share your pronouns whenever you feel comfortable. Together, we simplify
journeys, remove barriers, and improve daily life for millions.
Why Join Masabi?
route or exploring new paths, we support your journey.
load.
We’re already powering journeys - are you ready to join us?
ABOUT THE PROJECT (DESCRIPTION, DURATION, STAGE) Hands-on AI-for-Security engagement with a regulated iGaming / online-gaming group. The client's security team is genuinely advanced: they already run an AI-driven offensive-security capability — continuous external-perimeter scanning feeding an LLM agent that plans exploitation, sources and validates exploits, and executes them in sandboxed environments — plus a runtime anomaly-detection layer watching for intrusion and privilege-escalation patterns across their products. They built this themselves and have explicitly asked us to challenge and improve it, not just rubber-stamp it. This is not a generalist AI project. Neurons Lab brings the AI-architecture and engagement depth; what's missing is the offensive-security domain lead who can sit across the table from a hands-on CISO team as a peer, pressure-test their pipeline, and own the methodology. You are that expert. The early work is concrete and consultative: understand what they've built, find where it's wrong or expensive, and propose a better way. Stage: pre-engagement / discovery (the immediate next step is a joint technical session with the client's CISO / security engineers). Duration: discovery → advisory / PoC, with strong extension probability as the security program scales across the group. Reporting: Neurons Lab CTO / engagement lead (@Alex Honchar); partners with the Neurons Lab AI Architect on the account. You are the security domain owner for this track. WHAT YOU'LL ACTUALLY DO (EXAMPLE TASKS) * Join joint working sessions with the client's hands-on security engineers; challenge and harden their AI-driven offensive pipeline end-to-end (recon → verification → AI-planned exploitation → sandboxed execution). * Design and refine the exploitation agent: how the LLM plans attack paths, selects and validates exploits, and orchestrates parallel sandboxes safely and reproducibly. * Optimise cost-per-finding of the existing exploitation pipeline: benchmark local / sovereign open models (Kimi, GPT-OSS, MiniMax, DeepSeek) against frontier models for the recon, exploitation and analysis loops; quantify accuracy / latency / cost trade-offs and recommend hardware sizing. * Shape the runtime anomaly-detection layer: define which intrusion / privilege-escalation precursor patterns are worth collecting (signal over raw-log volume), and design the missing pieces — automated response (kill a malicious process / disable an account on detection) and triage routing by criticality. * Stand up a quick-win PoC to anchor the engagement — e.g. an automated dependency / PR vulnerability-scanning pass, or a head-to-head local-vs-frontier benchmark of the exploitation agent. * Turn findings into a defensible technical proposal and roadmap; present methodology and trade-offs to a technical CISO / CTO audience. * Keep all sensitive work build-time and in-perimeter — no pushing intellectual property, configs, or recon-enabling data to external model providers; respect regulated-gaming certification constraints (no uncertified AI in runtime-critical paths). SKILLS (HANDS-ON FIRST) * Hands-on offensive security: vulnerability research, exploit development and chaining, web + network penetration testing; fluent with Nmap, Nuclei, Katana, Acunetix, Metasploit, Burp Suite and Kali tooling. * Building and operating LLM agents for security work — agentic tool-use, sandbox orchestration, prompt / flow design for recon and exploitation, guardrails for autonomous exploitation. * Local / self-hosted open models: running and tuning open weights (Kimi, GPT-OSS, MiniMax, DeepSeek) on rented or private GPU; quantization, throughput and the agentic-performance trade-offs that matter for security automation. * Exploit & threat intelligence: sourcing and validating exploits (including from underground / forum sources), CVE triage, exploitability and severity assessment. * Runtime detection: designing intrusion / privilege-escalation pattern detection, anomaly detection, and automated response. * Cloud security (AWS preferred): sandboxing, container isolation, secure inference hosting. * Writes their own code (Python + shell) and can explain methodology to non-security executives. KNOWLEDGE * Modern offensive-security methodology and the current exploit / zero-day landscape. * Strengths and limits of frontier vs. local LLMs for security automation (agentic tool-use, reasoning depth, cost-per-task). * Data-egress / sovereignty constraints: why IP and recon-enabling data must stay in-perimeter; private-cloud (AWS Bedrock) vs. rented-hardware trade-offs. * iGaming / regulated-infrastructure context and certification constraints (build-time vs. run-time AI) — strong plus. * Defensive side — SIEM, anomaly detection, incident response — plus. EXPERIENCE Key characteristics (ideally 4/4): * Hands-on offensive security * Built or operated AI / LLM-driven security automation (agents, pipelines), not just used a chatbot * Cloud hyperscaler experience (AWS preferred) * Technology consulting / client-facing delivery — can lead a CISO-level technical conversation Role-specific characteristics: * 3+ years hands-on offensive security / vulnerability research / red-team * Demonstrable exploit development and chaining; comfortable with zero-day research and exploit intelligence * Has wired LLMs into real security workflows (recon, exploitation, triage) * Has run self-hosted / local open models in a real engagement, with a view on cost and hardware * Comfortable being the sole domain expert in the room and owning the methodology TERMS & CONDITIONS * Allocation: ~0.25 – 0.5 FTE initially (discovery/advisory + joint CISO sessions), scaling with the engagement
About Us_ // At Masabi, we’re driving the fare payment revolution, powering the journeys of millions all over the world. We build fare collection platforms that allow riders to seamlessly buy and present tickets for public transport either on their mobile phones, from a ticket machine, or even by tapping their bank card to travel. Our Justride platform is used in over 250 locations globally, including some of the largest cities in the world. With our industry-first mobile ticketing SDK, we’ve partnered with large players in the transport space, including Uber, Moovit and Transit. Your own journey is important to us too. Choosing a role here means joining a network of innovators from all walks of life; a group of passionate individuals who consistently deliver. Here, you’ll find the tools you need to build the career you want. Whether you’re taking the direct route or trying a new path, we’ll support you no matter what. THE ROLE_ // At Masabi, we’re building technology that makes public transport simpler, fairer and more accessible for millions of people. That only works if our platform is secure, trusted and reliable. As our Head of Security & Compliance, you’ll step into a role that is central to how we build trust with our customers and scale as a global SaaS business. You’ll own security and compliance end to end, shaping how we approach it as a company and how it works in practice day to day. You’ll lead a small team, bringing clarity, focus and direction as you build on solid foundations and evolve this area alongside the business. In the near term, you’ll focus on understanding where we are today, strengthening our approach to key areas like audits and compliance, and helping teams move forward with confidence. You’ll work closely with Engineering, Product and Legal to turn requirements into practical, well-executed outcomes. This is a senior role where you’ll stay close to the work, especially in the early stages. Over time, you’ll shape a more structured and scalable function, helping Masabi stay ahead of evolving standards and make thoughtful decisions around risk. Location_ // This role is available in a fully remote model for candidates based in Canada within Central or Eastern time zones. Responsibilities_ * Take ownership of security and compliance across Masabi, creating clarity on priorities and ways of working * Build a clear view of our current security posture and define a practical path to strengthen it over time * Define security and compliance requirements and work closely with Engineering and IT teams to ensure they are implemented effectively * Maintain existing compliance across PCI DSS, ISO27001, SOC2 and Cyber Essentials, and lead new compliance initiatives across additional standards such as ISO 27017 and ISO 27018 * Manage audits end to end, from preparation through to delivery and follow-up actions * Work closely with Engineering and Product teams to embed security practices in a way that supports delivery * Maintain a clear and actionable view of risk, helping the business prioritise what matters most * Build a more scalable approach to customer assurance, including clearer processes and reusable materials for customer and audit requests * Help guide decisions on which compliance standards we take on as we grow * Lead and support a small team, creating focus, trust and shared direction ABOUT YOU_ * You’ve worked in security and compliance within a payments, fintech or PCI-regulated environment * You have strong, hands-on experience with PCI DSS, ISO27001 and SOC2, including preparing for and delivering audits * You’ve personally owned and delivered compliance programmes, not just overseen them * You understand how security and compliance connect, and how to make them work in practice across a business * You’ve operated in a growing or scaling company, where you’ve had to bring structure and prioritise effectively * You’re comfortable driving work across teams without direct authority, and following through to completion * You bring sound judgement when balancing risk, delivery and commercial needs * You’ve supported or led a small team and know how to create clarity and accountability * You communicate clearly with both technical and non-technical audiences, helping people understand what matters and what action is needed NICE TO HAVE_ * Experience working with additional ISO standards such as ISO 27017 and ISO 27018 * Experience scaling security and compliance in a growing SaaS company, especially through periods of increased customer or regulatory demand * Relevant certifications such as CISSP, CISM, CISA or ISO27001 Lead Auditor or similar * Awareness of AI-related security and governance considerations, and how they may apply in a SaaS environment SOME OF OUR BENEFITS_ * 20 days of vacation per year (in addition to public holidays). On top of this, our office is shut every year between Christmas and New Year, totaling a whopping 28+ days of vacation * Private Healthcare and Life Insurance * Menopause support * Choice of a workstation * Training allowance of up to CAD$1300 per year * CAD$325 per year to spend on your home office * $50 CAD per month for team building activities * Ability to work for up to 3 months per year from any country in the world * Enhanced family leave Careers at Masabi are for people going places - driven by a mission to make transit fair and accessible for all. // We are a network of innovators from all walks of life, passionate about making a difference. At Masabi, we operate with openness and trust, creating an environment where everyone feels empowered to bring their whole, authentic selves to work. Whoever you are, just be yourself. // We welcome applications from underrepresented groups, including disabled and neurodivergent people, and can make adjustments at any stage of the process. You’re also welcome to share your pronouns whenever you feel comfortable. Together, we simplify journeys, remove barriers, and improve daily life for millions. Why Join Masabi? * Driven by Purpose – We believe in journeys made simple. The work isn’t always easy, but the best things never are. * Encouraged to Accelerate – Masabi is going places and our people are in the driving seat. Whether you’re taking the direct route or exploring new paths, we support your journey. * Advancing with Empathy – We put people first and foster a culture of learning, not blame. No matter your cargo, we share the load. We’re already powering journeys - are you ready to join us?
About Us_ // At Masabi, we’re driving the fare payment revolution, powering the journeys of millions all over the world. We build fare collection platforms that allow riders to seamlessly buy and present tickets for public transport either on their mobile phones, from a ticket machine, or even by tapping their bank card to travel. Our Justride platform is used in over 250 locations globally, including some of the largest cities in the world. With our industry-first mobile ticketing SDK, we’ve partnered with large players in the transport space, including Uber, Moovit and Transit. Your own journey is important to us too. Choosing a role here means joining a network of innovators from all walks of life; a group of passionate individuals who consistently deliver. Here, you’ll find the tools you need to build the career you want. Whether you’re taking the direct route or trying a new path, we’ll support you no matter what. THE ROLE_ // At Masabi, we’re building technology that makes public transport simpler, fairer and more accessible for millions of people. That only works if our platform is secure, trusted and reliable. As our Head of Security & Compliance, you’ll step into a role that is central to how we build trust with our customers and scale as a global SaaS business. You’ll own security and compliance end to end, shaping how we approach it as a company and how it works in practice day to day. You’ll lead a small team, bringing clarity, focus and direction as you build on solid foundations and evolve this area alongside the business. In the near term, you’ll focus on understanding where we are today, strengthening our approach to key areas like audits and compliance, and helping teams move forward with confidence. You’ll work closely with Engineering, Product and Legal to turn requirements into practical, well-executed outcomes. This is a senior role where you’ll stay close to the work, especially in the early stages. Over time, you’ll shape a more structured and scalable function, helping Masabi stay ahead of evolving standards and make thoughtful decisions around risk. LOCATION_ // This role is available on a remote basis for candidates located anywhere in the UK. Candidates based in London may also work in a hybrid model, with occasional travel to the office RESPONSIBILITIES_ * Take ownership of security and compliance across Masabi, creating clarity on priorities and ways of working * Build a clear view of our current security posture and define a practical path to strengthen it over time * Define security and compliance requirements and work closely with Engineering and IT teams to ensure they are implemented effectively * Maintain existing compliance across PCI DSS, ISO27001, SOC2 and Cyber Essentials, and lead new compliance initiatives across additional standards such as ISO 27017 and ISO 27018 * Manage audits end to end, from preparation through to delivery and follow-up actions * Work closely with Engineering and Product teams to embed security practices in a way that supports delivery * Maintain a clear and actionable view of risk, helping the business prioritise what matters most * Build a more scalable approach to customer assurance, including clearer processes and reusable materials for customer and audit requests * Help guide decisions on which compliance standards we take on as we grow * Lead and support a small team, creating focus, trust and shared direction ABOUT YOU_ * You’ve worked in security and compliance within a payments, fintech or PCI-regulated environment * You have strong, hands-on experience with PCI DSS, ISO27001 and SOC2, including preparing for and delivering audits * You’ve personally owned and delivered compliance programmes, not just overseen them * You understand how security and compliance connect, and how to make them work in practice across a business * You’ve operated in a growing or scaling company, where you’ve had to bring structure and prioritise effectively * You’re comfortable driving work across teams without direct authority, and following through to completion * You bring sound judgement when balancing risk, delivery and commercial needs * You’ve supported or led a small team and know how to create clarity and accountability * You communicate clearly with both technical and non-technical audiences, helping people understand what matters and what action is needed NICE TO HAVE_ * Experience working with additional ISO standards such as ISO 27017 and ISO 27018 * Experience scaling security and compliance in a growing SaaS company, especially through periods of increased customer or regulatory demand * Relevant certifications such as CISSP, CISM, CISA or ISO27001 Lead Auditor or similar * Awareness of AI-related security and governance considerations, and how they may apply in a SaaS environment SOME OF OUR BENEFITS_ * 25 days of holiday per year plus the option to buy another 5 days pro-rated * Private Healthcare via AXA, including pre-existing conditions and mental health * Life Insurance * Menopause support * Choice of workstation * Ability to work for up to 3 months per year from any country in the world (certain limitations) * Pension scheme * Training allowance of up to £1000 per year * £200 annual allowance for any home office need or improvement * Enhanced family leave pay * Cycle to work scheme * Regular social gatherings with a monthly allowance for each employee * Fun and collaborative environment with a focus on making a difference in the world Careers at Masabi are for people going places - driven by a mission to make transit fair and accessible for all. // We are a network of innovators from all walks of life, passionate about making a difference. At Masabi, we operate with openness and trust, creating an environment where everyone feels empowered to bring their whole, authentic selves to work. Whoever you are, just be yourself. // We welcome applications from underrepresented groups, including disabled and neurodivergent people, and can make adjustments at any stage of the process. You’re also welcome to share your pronouns whenever you feel comfortable. Together, we simplify journeys, remove barriers, and improve daily life for millions. Why Join Masabi? * Driven by Purpose – We believe in journeys made simple. The work isn’t always easy, but the best things never are. * Encouraged to Accelerate – Masabi is going places and our people are in the driving seat. Whether you’re taking the direct route or exploring new paths, we support your journey. * Advancing with Empathy – We put people first and foster a culture of learning, not blame. No matter your cargo, we share the load. We’re already powering journeys - are you ready to join us?