Senior Platform Engineer - Application Security

Summary

We are seeking a Senior Platform Engineer with a strong security mindset to strengthen the foundations of Avallone's platform.

This is a hands-on engineering role focused on building robust guardrails that keep customer data correctly isolated (across tenants and within a tenant), observable, and debuggable.

This role focuses on preventive platform controls that make security a built-in property, not a convention.

• Location: Copenhagen (hybrid)

• Reporting line: CTO

About the role

You will own the platform guardrails that ensure strong data isolation guarantees, end-to-end observability, and fast debugging when things go wrong.

This is a hands-on engineering role focused on designing and building shared platform capabilities that make secure-by-default the natural way to ship.

This role focuses on enablement through platform guarantees, not acting as a manual approval gate for product teams.

What you'll work on

The following are some of the important areas you'll focus on:

• Data isolation guarantees (including modeling and ownership boundaries, plus schema/query isolation and safe defaults)

• Authorization (RBAC and FGA where needed, with consistent enforcement across all access paths)

• Security execution primitives (secure-by-default building blocks for queries, sharing flows, jobs, imports, and bulk or destructive actions)

• Incident response and preventive controls (translate learnings into guardrails and regression tests)

• Secure SDLC (security-minded reviews, lightweight gates for high-risk changes, and targeted test strategies)

What we’re looking for

Technical background

• Significant experience (typically 5+ years) as a backend or platform engineer working on a production SaaS product.

• Strong proficiency with:

  • A typed backend language (TypeScript/Node, Java, C#, Go, or similar)

  • Relational databases and query layers (ORMs and/or SQL)

  • Modern cloud environments (ideally AWS) and CI/CD pipelines

• Hands-on experience with:

  • Designing and implementing access control and data isolation

  • Building or maintaining logging, metrics, and tracing for critical paths

Security mindset

• Demonstrated experience thinking in terms of threats, blast radius, invariants, and failure modes in real systems.

• Familiarity with common web application security risks (for example, OWASP Top 10) and how they show up in code and architecture.

• Comfortable working in a regulated or security-sensitive environment (finance, enterprise, or similar).

Ways of working

• You reduce complex systems to clear constraints and invariants.

• You enjoy building shared abstractions and libraries that raise the floor for everyone.

• You can move between high-level design and hands-on implementation.

• You communicate clearly with both engineers and non-engineers, especially under time pressure (incidents).

Nice to have

• Experience with row-level security in relational databases.

• Experience with formal or semi-formal access control systems (for example, OpenFGA or a custom authorization service).

• SOC 2 (or similar) experience.

• Incident response experience in a SaaS context.

• Prior work in B2B enterprise, fintech, or KYC/AML domains.