Lead Security Engineer – Core Technology Team
Apotea.com
Office
Stockholm, Sweden
Full Time
Location: Sveavägen 168, Stockholm, Sweden (On-site)
Company: Apotea AB – Sweden’s leading online pharmacy
Team: Core Technology
Tech Innovation at Apotea
Apotea is Sweden’s largest online pharmacy, committed to making healthcare products accessible and efficient for everyone. We’re on a mission to build the next generation of e-commerce and logistics, from scratch, but with lots of domain expertise and genuine care for our customers. We have been selected as the best e-commerce company in Sweden several years in a row, and for good reason. Our vision in the Tech department is to redefine how AI and automation power modern businesses: not by forcing AI into traditional workflows, but by creating AI-driven and automated systems that give humans control, insight, and the ability to apply their expertise where it matters most.
The Core Technology Team shapes the architectural foundation that supports everything we do — from e-commerce and logistics to data, AI/ML, and customer experience. We ensure that every development aligns with our long-term vision and contributes to Apotea’s growth.
We are now looking for a Lead Security Engineer to take end-to-end ownership of Apotea’s security engineering strategy, ensure we remain resilient and compliant, and enable our teams to build and innovate securely at scale.
The Role
As Lead Security Engineer, you’ll be at the center of Apotea’s transformation. You will define, implement, and evolve Apotea’s security practices across AWS (serverless-first), e-commerce, logistics, and data platforms.
This role combines strategic leadership with hands-on engineering. At Apotea, engineers are expected to take ownership of the full software lifecycle, so your role will be both to implement security yourself and to empower others to build securely. You’ll work closely with architects, engineers, and business stakeholders to ensure every development is secure, resilient, and aligned with regulations such as GDPR and Swedish healthcare standards.
You will also be the first-line responsible person for all technical security initiatives in the Tech department, defining guardrails, monitoring risks, and ensuring our systems are protected against evolving threats. Part of your role will be to define maturity plans, guide secure-by-design practices, and lead our response capability when incidents occur.
You will be responsible for defining secure development practices for vibe coding and the use of AI coding assistants. You will help engineers use AI responsibly, ensuring that generated code meets Apotea’s security standards, avoids data leakage, and aligns with compliance and coding guidelines. Finally, you must be able to take complex security concepts and communicate them clearly, aligning the whole organization around security as a shared responsibility.
Key Responsibilities
Security Leadership
- Own and evolve Apotea’s security strategy across cloud, applications, and infrastructure.
- Translate business needs and regulatory requirements into secure and sustainable practices.
- Define security guardrails, best practices, and reference implementations for teams.
Hands-On Security Engineering
- Design and implement secure AWS serverless, event-driven, and data-driven systems.
- Lead identity and access management (IAM) practices, enforcing least-privilege and zero-trust models.
- Oversee vulnerability management, penetration testing, and patching processes.
- Ensure secure DevOps pipelines (DevSecOps), including Infrastructure-as-Code checks.
Monitoring & Incident Response
- Build and operate monitoring, detection, and alerting systems (SIEM, EDR, GuardDuty, Security Hub).
- Lead incident response: investigate, contain, and recover from security events.
- Maintain and test playbooks to ensure readiness for emerging threats.
Governance & Compliance
- Ensure compliance with GDPR, healthcare regulations, and industry security standards.
- Embed security and privacy by design in all development.
- Partner with legal, compliance, and business units to ensure regulatory readiness.
- Provide training and frameworks that help engineers use AI as an accelerator without compromising security or compliance.
Collaboration & Culture
- Work closely with engineers, architects, and product teams to embed security early in the lifecycle.
- Mentor and coach engineers on secure coding and infrastructure practices.
- Advocate for a strong security culture across the organization.
We are looking for someone with
- Extensive experience in security engineering, including acting as the main/go-to security expert in an organization.
- Proven expertise in securing AWS environments (IAM, networking, serverless, encryption, monitoring).
- Strong background in designing secure, scalable, and compliant cloud-native systems.
- Hands-on experience with security tooling (SIEM, EDR, vulnerability scanners, secrets management).
- Deep knowledge of DevSecOps and Infrastructure-as-Code security (e.g., CDK, Terraform, CloudFormation).
- Ability to balance speed of delivery with security risk management, defining maturity plans for security posture.
- Excellent ability to collaborate across business and tech, with strong communication and leadership skills.
- Programming/scripting skills (Go, TypeScript, .NET, Python or similar).
Nice To Have
- Experience in regulated industries such as healthcare, finance, or logistics.
- Familiarity with compliance frameworks (ISO 27001, NIST, PCI-DSS).
- Background in penetration testing, forensics, or red/blue team operations.
Why Join Apotea?
- A stable, future-focused company with a meaningful mission to improve healthcare accessibility.
- The chance to work on cutting-edge AI, ML, and automation projects that impact millions of customers.
- Opportunity to work with modern cloud-native technologies (serverless, AI, automation, event-driven).
- Join a flat, agile organization with minimal bureaucracy.
- Opportunities for career growth through training, mentorship, and industry conferences.
- Collaborate in a cross-functional, transparent environment.
- Own projects from concept to deployment.
- Join a culture of experimentation, collaboration, and innovation.
About Apotea
Apotea.se is Sweden’s largest online pharmacy, with the country’s broadest range of over 32,000 non-prescription items and nearly 19,000 prescription drugs for humans and animals. Recognized as Sweden’s most sustainable e-commerce company (Sustainable Brand Index 2021), we simplify everyday life for our customers with fast deliveries and expert advice. In 2024, Apotea reached a turnover of SEK 6.5 billion and currently employs about 1,000 people across Stockholm, Lidingö, and Morgongåva.
Apotea is an inclusive employer that values diversity. We welcome all applicants and strive to create a work environment where people, regardless of background, gender, age, religion, or disability, can thrive and grow.
Recruitment Process
- Apply
- Interview: Screening
- Interview: Technical Capabilities
- Interview: Culture Fit
- Background Check: As a pharmacy, we always conduct a background check.
- Offer Presented
Application
Do not hesitate to send in your application today. For more information or questions, visit our career page or contact us at jobb@apotea.se. We do not accept applications via email.
Join Us and Make a Difference - We hope you want to be a part of our team!
Submit your application today—interviews are conducted on an ongoing basis, and the position may be filled immediately. Start date by agreement.
Welcome to Apotea – where technology meets health and creates magic!
October 1, 2025