Security Engineer

ShopFully is the tech company leader in Drive To Store that connects millions of shoppers with the stores around them. We help people save time and money and make smarter shopping decisions and we support retailers and brands engaging with consumers throughout the customer journey, from online research to in-store shopping.

With our proprietary websites and apps, a network of publishers and digital platforms and our proprietary tech solutions, we reach 200 millions users globally.

We joined MEDIA Central Group in 2023 and we are now a partner to over 500 top retailers and brands in 25 countries across Europe, Australia and Latin America.

We’re a team of over 450 people focused on Digital Retail, spanning 30 different nationalities, with a mission: reinventing local shopping worldwide.

Are you ready to join us?

WHO WE'RE LOOKING FOR 🔍

We are seeking a highly skilled and motivated Security Engineer to be the foundational member of our new cybersecurity team. This role is a unique opportunity for a versatile and "big head thinker" to work directly with the DIrector Information Security in shaping and executing the cybersecurity strategy for a dynamic, fast-paced, and global environment. This position will be critical in building a mature and resilient security posture across the entire Flipp and Shopfully group, touching upon all aspects of our security program, from technical implementation to governance and application security.

The ideal candidate has a strong technical background with a broad understanding of the security landscape, including hands-on experience in both GRC and application security. As the a key team member, you will be instrumental in a wide range of activities and will serve as a key technical partner to the Director Information Security, with the potential to specialize in a GRC or Application Security role as the team grows.

WHAT YOU'LL DO 💪🏻

Technical Implementation & Operations:

• Work closely with the CISO to implement and operate core security tools and technologies (e.g., WAF, DDoS protection, security scanners, SIEM).
• Serve as the first point of contact (Tier 1) for user-reported security issues and incidents.
• Collaborate with engineering teams to troubleshoot and fix vulnerabilities discovered during penetration testing and security assessments.
• Actively participate in the design and implementation of a Zero Trust security model and mandatory 2FA deployment.

Governance, Risk & Compliance (GRC):

• Assist in the creation and implementation of a unified Information Security Policy and other security-related policies.
• Conduct security assessments and due diligence on third-party vendors, helping to create a robust vendor risk management program.
• Work with the legal team on activities related to GDPR and DPO (Data Protection Officer) requirements.

Application & Cloud Security:

• Engage with engineering and product teams to integrate security into the development lifecycle (SSDLC).
• Provide support to developers on secure coding practices and help address application-level vulnerabilities.
• Contribute to the ongoing security assessment of our AWS cloud environment, including configurations, access, and security state.

Strategic & General Security Tasks:

• Support the overall cybersecurity strategy and roadmap, ensuring alignment with business objectives.
• Perform risk assessments and assist in prioritizing security initiatives based on a risk-based approach.
• Act as a key partner to the CISO in day-to-day security operations and special projects.

WHAT YOU'LL NEED 🪄

Experience:

• 7-10 years of hands-on experience in cybersecurity, with a strong background in startup or fast-paced, high-growth environments.
• Proven experience in IT security, including managing and securing AWS cloud environments.
• Demonstrable background in managing security processes, with some exposure to both GRC and Application Security principles.

Skills:

• Excellent interpersonal and communication skills, with the ability to effectively collaborate with a wide range of stakeholders from technical teams to legal and executive management.
• Strong problem-solving and critical thinking abilities, with a capacity to think strategically ("big head thinker") and act tactically.
• High level of responsibility and a proactive approach to security challenges.
• Fluency in English.
• Knowledge of Italian and/or German is an advantage.

Education & Certifications (Advantageous):

• A bachelor's degree in Software Engineering, Computer Science, or equivalent practical experience.
• Relevant security certifications such as CISSP, CISM, CCNA, or equivalent professional qualifications.

 

WHAT YOU'LL FIND AT SHOPFULLY 

🌎 An opportunity to build your experience in an internationally growing scale-up company;

🕶️ A young and informal work environment;

🏡 Flexible work arrangements encouraging smart and/or full-remote working;

💻 Company laptop and all you need to set up a proper home-working station;

🍕 Meal vouchers (yes, also while working remotely!);

🙌🏻 Annual token to spend on our Welfare Platform.

💡 1.5 hour of Learning Time per week.

 

🌎 LOCATION: Looking for an exciting international career opportunity while staying in Italy? This is your chance!

ShopFully is part of the same group as Flipp, a leading Canadian company, and we’re looking for talented professionals to join us. You’ll be hired in Italy while working directly within Flipp’s organization, in a fast-paced, innovative environment. 

Since you’ll be collaborating with colleagues across different time zones, a bit of schedule flexibility will help you stay connected with our amazing teams in Canada!

If you’re excited about joining a dynamic, international team, working on cutting-edge projects, and expanding your career globally—without leaving Italy—we’d love to hear from you! 🚀

 

If you choose to apply for this specific job position and submit your application, which may include personal data such as your identifying details, contact information, curriculum vitae, cover letter, professional qualifications, and/or employment history, please be informed that your data may be shared with our Affiliates*, including Offerista Group GmbH and Flipp Operations Inc. The aforementioned entities will act as joint controllers for the limited purpose of intra-group sharing related to the evaluation of candidates’ applications. This means that your data may be processed by the Affiliate to assess your application and, if deemed suitable, to contact you regarding potential employment opportunities. However, please note that from the moment an Affiliate initiates direct contact with you and engages in any further processing of your personal data beyond the initial intra-group sharing for evaluation purposes, such Affiliate shall act as an independent data controller. In such cases, the processing of your personal data will be subject to the specific privacy policies that can be found here.

* Affiliates shall mean any entity that directly or indirectly controls, is controlled by or is under common control with ShopFully SpA and its Affiliates’ subsidiaries, meaning any entity which is directly or indirectly controlled by the Affiliates.