Job Overview

Application

We believe conversations will become the #1 way to shop.

At Gorgias, we’re building the platform that makes this real: a unified AI agent that sells, supports, and re-engages customers across the entire journey. Conversational Commerce is the future of ecommerce, and we’re leading that shift.

Our mission is to turn every interaction between a brand and its customers into a relationship: personal, seamless, and intelligent. By combining deep product expertise with the latest in AI, we’re making shopping feel more natural, human, and connected than ever before.

To win, we focus relentlessly on:

• Quality: conversations that feel authentic and on-brand.
• Experience: effortless shopping from chat to checkout.
• Re-engagement: personal, 1-1 dialogue instead of noisy marketing.

The opportunity is massive. As AI reshapes how people buy, Gorgias is building the foundation for the next decade of ecommerce, where every brand has its own intelligent agent and every customer feels understood.

Join us to make Conversational Commerce real.

About the role

As a Gorgias Platform Security Engineer, you will contribute to our security program, working directly with our SRE team and engineering leadership.

You will implement and manage essential security tools and processes, with a particular focus on ensuring resilience against potential external threats and attacks.

This role will be critical in setting up proactive security measures and responding to incidents, making a tangible impact on Gorgias’ ability to meet enterprise-grade security standards.

What you will do

Platform & cloud security

• Own cloud and Kubernetes security — IAM, RBAC, network policies, workload identity, and GKE hardening across 10+ global clusters
• Design secure-by-default platforms — build guardrails and policy enforcement (OPA, Kyverno, or similar) that guide teams without blocking them
• Harden CI/CD and IaC pipelines — secure GitHub Actions, ArgoCD, and Terraform workflows end-to-end
• Lead secrets management — design and implement decoupled secrets architecture so credentials never live in deploys or repos
• Strengthen networking fundamentals — VPC design, peering, cross-cloud connectivity, and zero-trust segmentation

Detection & response

• Build security-focused logging and monitoring — design the observability layer that actually catches threats, not just collects noise
• Implement runtime detection — IDS, file integrity monitoring, and behavioral anomaly detection across GKE workloads
• Develop incident response playbooks — practical, tested runbooks for common incident types; own the response process end-to-end
• Manage and evolve the SIEM — drive meaningful signal-to-noise improvements and build automated mitigation where it matters

Auth & identity

• Design and enforce strong auth standards across internal tools, APIs, and customer-facing surfaces
• Audit and mature privileged access management — ensure least-privilege is real, not theoretical

Compliance & enterprise enablement

• Own the ongoing health of SOC 2 Type II — keep controls tight between audits, not just before them
• Drive the next compliance milestones — ISO 27001 and data protection (PII, GDPR) as we expand enterprise and global reach

About you:

5+ years in infrastructure security, cloud security, or security engineering — ideally in a high-growth SaaS environment

Deep GCP and Kubernetes expertise — GKE, workload identity, network policies, RBAC; you know where the bodies are buried

Strong networking fundamentals — VPC design, peering, firewall architecture, zero-trust networking

Hands-on CI/CD and IaC hardening — GitHub Actions, ArgoCD, Terraform security patterns

Auth expertise — OAuth 2.0, OIDC, SAML; you can design and audit identity flows, not just enable SSO

Policy-as-code experience — OPA, Kyverno, or equivalent; guardrails at the platform layer

Detection and response background — SIEM, IDS, runtime security tools, and experience writing real runbooks

Compliance experience — SOC 2 (Type II preferred), ISO 27001, GDPR/PII data protection

Scripting fluency — Python Go, Bash for automation, tooling, and incident response scripts

Our Stack

You’ll be working closely with our SRE team, a group of experienced engineers who are building and maintaining:

• Multi-TB Postgres clusters
• RabbitMQ and Redis with tens of thousands of operations per second
• 10+ full-featured GKE clusters globally with over 15k tenants
• A new stack of Kafka, Debezium, and Apache Flink
• Github Actions CI and ArgoCD for scalable deployment strategies
• Best practices around Kubernetes/Helm/Operators, SLIs/SLOs, Incident Management, Observability, Security, and Disaster Recovery

AI at Gorgias

At Gorgias, AI is a natural extension of how we work and build. Our teams use it every day to research, write, analyze, code, and craft better customer experiences. Everyone has access to premium AI tools (ChatGPT, Claude, Granola & others) and an annual L&D budget to explore new ones.

The real magic happens when we share what we learn. Our #powerup Slack channel is a digital petri dish of new tools and workflows, and each team has AI champions who showcase fresh ideas during weekly company-wide standups, now practically AI demo sessions.

We see AI not as a replacement for creativity or empathy, but as a multiplier, helping us move faster, think deeper, and serve customers better.

AI use in Recruiting at Gorgias

By submitting your application, you agree that Gorgias may collect and process your personal data for recruiting, workforce planning, and related purposes. For more information about how we process your data and your rights, please refer to our Applicant Privacy Policy.

Diversity & Inclusion at Gorgias

We’re committed to creating an inclusive environment where everyone can thrive. We welcome applicants from all backgrounds, experiences, and perspectives because diverse teams drive innovation and better outcomes.