Security Engineer - Core Technology Team
Lead Security Engineer for Apotea's Core Technology Team, responsible for building the architectural foundation and ensuring development aligns with the long-term vision, focusing on AI/ML, e-commerce, logistics, and customer experience.
Tech Innovation at Apotea
Apotea is Sweden’s largest online pharmacy, committed to making healthcare products accessible and efficient for everyone. Our Tech department aims to redefine how AI and automation drive modern businesses — not by forcing AI into traditional workflows, but by creating AI-driven systems that give humans control, insight, and the ability to apply their expertise where it matters most.
The Core Technology team builds the architectural foundation supporting e-commerce, logistics, data, AI/ML, and customer experience. We ensure all development aligns with our long-term vision and contributes to Apotea’s growth.
We are now looking for a Lead Security Engineer to take full ownership of Apotea’s security strategy, ensure compliance, and enable teams to build and innovate securely at scale.
The Role
As Lead Security Engineer, you will define, implement, and evolve security practices across AWS (serverless-first), e-commerce, logistics, and data platforms. The role combines strategic leadership with hands-on engineering — you will implement security yourself while empowering others to do so.
You will act as the first-line technical security lead, defining guardrails, monitoring risks, and leading incident response. You will develop secure practices for coding with AI assistants, ensuring generated code meets security standards, avoids data leakage, and aligns with regulations. You will also communicate complex security concepts clearly across the organization.
Location: Sveavägen 168, Stockholm, Sweden (On-site)
Key Responsibilities
Security Leadership
Own and evolve Apotea’s security strategy across cloud, applications, and infrastructure.
Translate business and regulatory requirements into sustainable security practices.
Define guardrails, best practices, and reference implementations for teams.
Hands-On Security Engineering
Design and implement secure AWS serverless and data-driven systems.
Lead IAM practices, enforcing least-privilege and zero-trust.
Oversee vulnerability management, penetration testing, and patching.
Ensure secure DevSecOps pipelines and IaC security.
Monitoring & Incident Response
Build and operate monitoring, detection, and alerting systems (SIEM, EDR, GuardDuty, Security Hub).
Lead incident response: investigate, contain, and recover from security events.
Maintain and test playbooks for emerging threats.
Governance & Compliance
Ensure compliance with GDPR, healthcare regulations, and industry standards.
Embed security and privacy by design across development.
Partner with legal, compliance, and business units for regulatory readiness.
Provide training and frameworks for safe AI usage without compromising security.
Collaboration & Culture
Work closely with engineers, architects, and product teams to integrate security early.
Mentor engineers in secure cod
Posted June 6, 2026