About Complexio
Complexio is the intelligence layer for enterprise AI. Our platform builds a connected understanding of how businesses actually operate — across people, processes, and systems.
Enterprises have invested heavily in AI platforms, copilots, and data infrastructure — yet daily work still runs on manual hand-offs and thousands of unseen tasks buried in emails, chats, and spreadsheets. Complexio closes that automation gap.
Our Event Knowledge Graph ingests structured and unstructured data to create a living map of how an organisation truly works — every task, interaction, and dependency. Our Context Broker unifies this knowledge across enterprise systems in real time, enabling our Orchestration layer and Enterprise Automator to discover, design, and execute workflows autonomously. Stevie, our conversational AI assistant, gives teams a natural way to query and act on that intelligence.
Complexio deploys securely within your infrastructure and integrates with the enterprise platforms you already run on — turning organisational knowledge into measurable business outcomes.
A joint venture between Hafnia and Símbolo, backed by leading maritime partners including Marfin Management, C Transport Maritime, Trans Sea Transport, and BW Epic Kosan. Born in maritime, now scaling rapidly across industries.
We are now onboarding enterprise customers globally, with a platform built to handle the pace and complexity of real business operations.
About the role
We are looking for a Senior Platform Security Engineer to join our Product Security domain. This role exists because the scope and importance of our work has outgrown the capacity of a single person.
Our platform underpins multiple products and handles sensitive, high-value data. At its core sits a large, graph-based data store that powers downstream systems. Building and securing access to that data, correctly and pragmatically, is critical to the company.
This is a hands-on engineering role. You will design, build, and ship production-grade security and privacy controls, not just define policies or review designs from the sidelines.
What you’ll be working on
You will take ownership of platform-level trust and safety concerns, including:
Designing and implementing authentication and authorization for a large, graph-based database (hundreds of thousands of nodes)
Building and evolving secure OAuth-based AuthN/AuthZ flows, including token handling, permission models, and enforcement
Making concrete improvements to production security posture
Auditing, understanding, and improving data flows and data-privacy controls, ensuring sensitive data does not end up where it shouldn’t
Acting as a security and privacy gatekeeper in reviews — asking hard questions and requiring changes when needed
* Improving and maintaining supply-chain security, including SAST, SCA, container scanning, and CI/CD hardening
This role is intentionally broad. You will not be a single-domain specialist, and you will not be shielded from complexity.
What success looks like
After ~90 days, a successful hire will have:
* Shipped meaningful, production-level security improvements
* Taken ownership of parts of the AuthN/AuthZ model and implementation
* Developed a solid mental model of our data flows and privacy risks
* Earned trust across teams as someone who can say “this is not okay” — and explain why, with facts
* Reduced risk in practical ways, not through security theatre
How you’ll work
This is a high-autonomy role. You are expected to scope problems yourself when needed.
* You will collaborate closely with engineers across the company, not operate as a silo.
* Disagreement is normal — decisions should be backed by reasoning, data, and threat modeling, not ego.
* Blocking a release on security or privacy grounds is possible when warranted, with clear escalation paths.
* If you see a problem, even outside your direct domain, you are expected to help fix it.
What we’re looking for
* Strong proficiency in Python (our primary language)
* Deep understanding of authentication and authorization concepts, including OAuth, JWTs, permission models, and secure token handling.
* Experience designing and securing non-trivial data systems
* Ability to reason about risk, trade-offs, and real-world constraints
* A track record of shipping real security improvements, not just writing policy
Strongly preferred
* Experience with graph databases, ideally Neo4j or similar
* Experience with CI/CD and supply-chain security (SAST, SCA, container scanning, pipeline hardening)
* Experience with Go or Rust
* Some familiarity with frontend or React (not required, but useful for end-to-end thinking)
What this role is not
* Not a policy-only or advisory role
* Not a role with pre-defined, perfectly scoped tasks
* Not about chasing tools without understanding the problems they solve
* Not security theatre
If you need everything spelled out, or prefer to avoid ambiguity, this role will be frustrating.
Seniority & growth
This role is intentionally leveled as Senior. We are open to hiring at different seniority levels if the fit is right. Titles matter less than ownership, judgment, and impact.
Why join
You’ll work on core platform security problems that directly affect how data is accessed, protected, and trusted. You’ll have real influence, real responsibility, and the space to do things properly, without losing sight of pragmatism.