Location: Remote (EMEA) · Germany/Munich preferred - CET/CEST timezone

Hi — I'm Grigory, Co-Founder and CTO at Secfix. How do you feel about shipping features yourself in the first month, building the hiring process in the second, and coaching engineers to get measurably better in the third and staying close to building longterm? If that sounds like the right order — strong engineer first, manager second — read on.

I've spent most of my career believing that the best engineering leaders aren't the ones who run the most meetings. They're the ones who make everyone around them faster, clearer, and more confident — and they can do that because they've been through the hard technical problems themselves.

At Secfix, I've been doing the engineering management work: 1:1s, hiring, design reviews, performance conversations since we started. The team is five engineers and a product designer. They're great, they work hard, and they ship. But I'm spread across too many things, and certain areas aren't getting the attention they deserve.

I need someone to take this on. Not as a delegator, but as the strongest individual contributor on the team who also happens to lead it.

You'll work directly with me and make huge impact on the engineering culture and our customers.

— Grigory

Why Secfix exists

Over 1.78 million SMBs in Europe need to comply with security frameworks — ISO 27001, GDPR, TISAX, SOC 2 — just to sell to enterprise customers. The process is manual, painful, and takes over a year. We automated it.

Our platform integrates with a company's full tech stack — AWS, Azure AD, Jira, GitLab, GCP, and more — automatically extracts compliance evidence, and guides teams to certification in weeks instead of months. Our fastest customer certified in 4 weeks instead of the industry-standard 12+ months.

We've raised €17M in total (€12M Series A), backed by Alstin Capital, Neosfer (Commerzbank), and Bayern Capital. We're on a profitable trajectory, growing fast, and building the team that will take us to European market leadership.

This space is not threatened by AI, it's amplified by it. Compliance requires deep domain expertise combined with automation. Our new AI product (CISO AI) is just getting started, and there's a huge amount of engineering work ahead: agentic workflows, intelligent evidence collection, context-aware policy generation, and more.

What you'll actually do in the first 3 months

This isn't a role where you show up and start running standups. There are no standups. Here's how we think about the first months:

Month 1: Become a strong IC. Get into the codebase, ship a meaningful feature, and prove to yourself and the team that you can build at the level we need. You don't need to be the best senior engineer on day one, but you should be onboarded and delivering high-quality work fast enough that you can credibly help others improve. Expect to spend 70–80% of your time writing code.

Month 2: Own hiring. Beyond continued IC contributions, take over engineering interviews and build a better technical interview process. The current setup depends too many people. You'll design technical challenges, run screens, and make hiring more consistent and repeatable. This matters — we're planning to double the team in the next 12 months.

Month 3: Start leading. Help design a pragmatic way to evaluate team performance — simple, measurable, not bureaucratic. Start doing more regular 1:1s with each team member, focused on three things: output x impact, quality, and AI efficiency. Identify who's behind and help them improve. Remove obstacles from top performers.

How will the role look like beyond first 3 months

Over time, the balance shifts. Coding goes from 70% to 10–20%. Hiring becomes the plurality of your work, we’ll grow the team from 5 engineers to 9 in the next months (50–70% during active hiring, 20–30% after). Mentorship and process improvement grow as the team grows. But you never fully stop building — you stay in the code enough to have credible technical judgment. I see this pattern across all our best leaders, from Lead CSM to Lead GTM.

In addition to management work, here are examples of projects you'll work on in the next months:

• Own system design on our biggest projects. You're not picking up a ticket, you're writing the technical spec, presenting the architecture, getting alignment, and driving it to production. And leaving the system in a state the team can own.

• Scale the product for mid-market. As we land larger customers, holding companies running compliance across subsidiaries, we need more granular RBAC, sub-workspace collaboration, and new control layers. You'll help build what makes that possible.

• Push the AI product forward. We're moving from "we use AI in our tooling" to "we ship AI to customers." You'll help define the backend architecture for agentic compliance workflows, intelligent evidence collection, and context-aware policy generation.

• Bring AI-assisted engineering to the whole team. You're genuinely curious about how AI tooling is changing the way we build — and you share that curiosity openly. You try new tools, figure out what works, and bring the rest of the team along. Not through formal sessions, but through the natural back-and-forth of working together day to day.

What we mean by "people-first"

When something breaks in production, some managers think: "We need a better incident response runbook. Let's create an on-call rotation. Let's add a post-mortem template." They reach for systems and documentation.

The person we're looking for thinks: "Who on the team has the most context on this service? Is someone blocked or can they jump in? Let me get the right two people talking to each other." They reach for individuals and their capabilities. This comes once you solved the problem, not before.

This matters more to us than almost anything else. At five engineers, we don't need a rigid process. We need someone who knows exactly what each person is good at, what they're struggling with, and how to get the best out of them today — not after implementing a framework.

How we work

We've written in depth about our engineering culture. Here's the short version — read the full articles linked below if you want the real picture.

• Focus is sacred. Engineers are in fewer than 2 hours of meetings per week. We write before we meet. We use Loom for async walkthroughs, Notion for specs, Gather for pairing, and Slack only for what's urgent or lightweight. We don't do status theatre. We wrote about our thoughtful communication and our remote culture, give it a read.

  To drive it home, here's a recent calendar of an engineer who has been with us for over a year:

• Small, temporary teams. A designer and two engineers. A backend engineer and a CS person. The group forms around the problem, ships, and dissolves. No standing squads, no permanent team structures — at least not yet. The people closest to the problem usually shape the solution.

• AI is already part of the craft. We use Claude for product design exploration and spec drafting. Engineers work in Cursor with encoded skills and rules that live in the codebase — component patterns, folder structure, architecture choices, and the path from Figma to Angular code. AI checks code against architecture rules before human review. We have a dedicated design QA skill that compares Figma against coded output. We don't use AI to lower the bar, we use it to reach the bar faster with more iterations behind us. In case you’re interested, we wrote a piece about it here.

• Zero-bugs. We take this seriously - this helps us to gain customer trust faster. Especially serious customer-facing problems don't sit in a backlog competing with roadmap work. Critical issues get fixed immediately. High-severity within 48 hours. Every bug has an owner. Weekly quality review as part of Monday planning. Quality as identity, in compliance, being correct isn't a nice-to-have, it's the entire value proposition. We care about edge cases, data integrity, and getting the details right. Customers notice the speed and polish before they can name it. That kind of quality builds trust. In our category, trust is the product.

• We build what customers need, not what they ask for. Customer feedback is signal, not instructions. Best products are built by people with great taste who treat feedback as signals, not KPIs. We stay close to customers — CS check-ins, support tickets, Mixpanel events, onboarding calls — but none of these sources makes the decision for us.

• Quality as identity. In compliance, being correct isn't a nice-to-have — it's the entire value proposition. We care about edge cases, data integrity, and getting the details right. Customers notice the speed and polish before they can name it. That kind of quality builds trust. In our category, trust is the product.

Why you should or shouldn't apply

We're looking for a specific profile. I'd rather be honest about it up front.

This role is for you if:

• You have an exceptional IC track record. You were already a principal-level engineer before you started managing - you didn't skip into management early because coding wasn't working out. You were already promoted to that level and stayed there, growing, before choosing to lead.

• You can hold deep technical conversations across backend, infrastructure, and — when needed — frontend. You know how to handle ambiguity at the start of a project and messy reality at the end. You write a clear technical design before you start developing — and you hold that design loosely, adapting when you get good feedback.

• You know what great engineers look like. Not the textbook definition — you've thought deeply about what makes them productive, what holds them back, and how to move them forward. You have a nuanced answer and opinion.

• You hold people to a high standard. You're comfortable giving direct feedback and having hard conversations about performance.

• You're hands-on with AI-assisted development. You've used Cursor and Claude Code in real production work, not just toy projects. You have opinions about how AI changes the engineering workflow from ideation to release, and you want to push a team to get continuously increase velocity.

• You've worked in startups. You know what it feels like when there's no playbook, no process, and the answer is "figure it out and ship it."

• You think engineering culture could startup-like at scale. You're optimistic that a small, high-performing team can stay small and high-performing as it grows even though there is little process.

• You communicate proactively in writing. In a remote team, written communication is how decisions get made and context gets shared, you take it seriously. But are not scared about jumping in a pair programming session either.

This role is probably not for you if:

• You chose engineering management because you wanted to stop coding. A lot of engineers who weren't thriving technically make this transition early. That's fine — but it's not what we need today. We need someone who's been in the codebase themselves recently, not someone who managed people who were for many years.

• Your last few roles look like: "I hired a team, built processes, coached them, and they executed." That's a top C-level profile. We need someone who's been through the challenges we have right now growing from 4 to 8 engineers in age, not a strategist.

• You're process-first. When there's a live-site issue, you think about creating a better runbook rather than getting the right person on it immediately. We believe the answer to most engineering problems is better people with better context and more ownership — not more templates. Process improvements need to be made but in the second step.

• You want to make product decisions. We have strong product intuition but we act on feedback. Leadership doesn’t decide on features, they help team find better ways to build them.

• A staff or principal engineer, to you, is someone who spends most of their time in architecture reviews and project management rather than building.

• You think at a certain team size, compromises on culture and process are inevitable (sprints, ceremonies, scrum, detailed specs) for the sake of hiring numbers. We disagree, and we want someone who actively disagrees with status quo too.

• Titles matter more to you than the work. At Secfix you're a fresh grad, engineer, a senior engineer, or an engineering manager — that's it. If the level on your LinkedIn profile is important to you, we're probably not the right fit. Most of people we hire into senior roles come from Staff/Principal level.

What we're looking for

Required

• 8+ years of backend/product engineering experience, with a track record of owning large, complex systems end-to-end — at principal engineer level or equivalent

• Some engineering management experience (1–3 years) — you've done 1:1s, performance conversations, and hiring. Ideally at a similar stage company

• Strong hands-on experience with AI-assisted coding tools (Cursor, Claude), you experimented a lot and know what works, what doesn’t

• OOP fundamentals. Some experience with Java Spring Boot, Hibernate, or equivalent

• Experience building or integrating AI/ML features in production. Practical experience working with LLMs and RAG-based systems

• Experience leading system design on significant projects, not just contributing to them

• Strong troubleshooting and debugging skills. You're the person people pull in when something is broken and nobody knows why

• Relational database design and SQL optimisation

• Experience designing technical interviews and evaluating senior engineering candidates

• Strong written and in-person communication; comfortable working in a remote, in-sync-first culture

• Startup experience. You know what building at this stage feels like

• Able to work in European timezone (CET/CEST). EMEA-based, ideally Germany

Nice to have

• Recent experience with modern Java applications in a production environment — our core platform is Java Spring Boot, but we work across multiple languages including Python and Golang

• Experience establishing salary bands, performance review frameworks, or engineering hiring processes from scratch

• Previous experience at a fully remote company

Interview process

We want to see how you think, build, and lead — not test you on algorithms. Here's the process:

• 30 min - Intro call with Talent team

• 1hr Technical Interview I - here we learn about you and you’ll do a simple coding exercise

• 1,5hr Technical Interview II - here you’ll get a bigger AI feature, do system design and build it

• Take-Home Leadership Task and min submission review with one of co-founders

Then you’ll get the offer! If we don't make an offer, we'll tell you why.

What Secfix gives you

• Remote: 100% remote with a real virtual office in Gather

• Salary: Competitive, benchmarked to European market rates (we'll share specifics once we talk)

• Equity: Generous package — we're all owners here

• Development budget: €1,000/year — yours to spend on whatever makes you better

• Workspace: Remote workspace support + co-working access

• Holidays: 26 days + local public holidays

• Health insurance: Comprehensive coverage

• Annual retreat: Last time we went to Costa Brava 🇪🇸 — before that, Austrian Alps, Portugal, Italy, and the Spanish Islands

• Tech: MacBook, monitors, headphones — the latest