Note: Partly is headquartered in the UK, with a Product and Engineering base in Christchurch, and an early presence in San Francisco. If you are not based in Christchurch, we will fly you to HQ for 2 weeks for onboarding, as well as 1 week per quarter for our “Season Openers” (we pay for your travel and accommodation). If you are relocating to Christchurch from NZ or from overseas, we can also assist with relocation costs.

🚀 Our story

Partly's mission is to connect the world's parts and we're doing that by building the first global platform for replacement parts, starting with auto parts. Our big vision is to accelerate the world towards a sustainable future where waste is eliminated and all replacement parts are universally searchable, accessible and available to all.

Founded by ex-Rocket Lab engineers, we utilise cutting-edge technology to solve challenging but exciting problems that make a huge impact in a $1.9 trillion industry. We've more than tripled our team over the last 12 months and expect to double in size again over the coming 12 months. We're a global team spanning both Europe and Australasia.

We provide a scalable digital infrastructure solution to some of the world's largest businesses and the most exciting startups. Partly's solutions are integrated across hundreds of companies globally, providing the backbone for cataloguing and managing parts online.

Our investors in Blackbird Ventures (Canva, CultureAmp etc.), Square Peg, Octopus Ventures, Icehouse, Peter Beck (Rocket Lab), Akshay Kothari (Notion Co-Founder) and Dylan Field (Figma Co-Founder).

We're continuing to build a world-class team and ensuring Partly is a place where people can do the best work of their lives. We're proud of the culture we've built at Partly, and our values are lived throughout every experience.

🖍️ This role

The Platform Security Engineer will own Partly's security posture while contributing to platform reliability, reporting to Platform Lead.

This role combines infrastructure security with platform reliability - someone who can harden our systems while keeping them running. Not a pure "checkbox compliance" role; we need someone who can implement technical controls and work hands-on with infrastructure. You'll be the first dedicated security hire at Partly, building processes from scratch while partnering closely with our SRE team.

💻 What will you do

• Keep Partly reliable and secure. Participate in on-call rotation alongside the SRE team. Own security incident response planning and testing. Lead post-incident reviews for security-related incidents and participate in availability incidents. Build security event monitoring and alerting.

• Own our security posture and compliance. Prepare for and pass security audits (ISO 27001, future SOC 2). Maintain continuous compliance via Vanta - ensuring controls are implemented, not just documented. Respond to enterprise customer security questionnaires. Maintain and communicate the risk register to engineering and leadership.

• Harden our infrastructure. Implement principle of least privilege across the stack - PostgreSQL roles for applications, Kubernetes RBAC refinement, ensuring applications only get the secrets they need. Drive network segmentation and zero-trust progress using Cilium network policies and Kyverno admission policies. Make production access read-only by default for developers.

• Manage vulnerabilities systematically. Implement and operate our vulnerability scanning pipeline using Trivy, Renovate, and Falco. Own the vulnerability triage process - severity assessment, prioritization, tracking to resolution. Coordinate remediation with service owners and report on metrics and trends.

Want to learn more about the problems we're solving and the culture we're building at Partly? Hear directly from our team here: https://shorturl.at/iAFUX

🥷 Your skills

• (Preferred) 5+ years in security engineering, platform engineering, or SRE with strong security focus. You've done this before and can hit the ground running with minimal hand-holding.

• (Preferred) Hands-on Kubernetes security experience. You understand RBAC, network policies, and admission controllers. You've implemented security controls in production K8s environments.

• Compliance framework experience. You've worked with at least one of ISO 27001, SOC 2, or PCI-DSS. You understand the difference between checkbox compliance and actually being secure.

• Cloud security expertise. Strong understanding of cloud security principles. GCP experience preferred. You know how to secure cloud infrastructure.

• Infrastructure-as-code practitioner. Experience with Terraform, ArgoCD, GitOps workflows. You believe infrastructure changes should go through code review.

• Clear communicator. Ability to communicate security risk to non-technical stakeholders. You can translate technical vulnerabilities into business risk.

• (Bonus) CNCF security tooling experience. Cilium, Kyverno, Falco, or similar tools. Container security and supply chain security (SBOM, image signing).

• (Bonus) Rust or Go experience. Our backend languages - helpful for understanding the systems you're securing and reviewing security-sensitive code.

Please note: if you don't have all the skills/experience listed above but believe you could be outstanding in this role, please still consider applying. Many folks, especially those from underrepresented or marginalised groups, often count themselves out. Please allow us to learn more about you and why you're exceptional!

🪅 Benefits

• High trust, low process and no bureaucracy. We hire exceptional people whose judgment we trust. This means we proactively remove any process or rules that slow us down (for example, our expense policy is simply the “red face test”).

• Competitive base salary + equity. We offer competitive salaries and generous equity options for all full-time employees, ensuring everyone shares in the financial upside when we win.

• Flexible working hours. Choose when to work based on what time you’re most effective (no mandatory or set hours). We combine flexibility with an office-first approach (in cities where we have critical mass, i.e. London, Christchurch, Auckland). ****

• Focus Days. Two days per week, with zero meetings, dedicated solely to uninterrupted deep work

• Take time when you need it. We don’t ask questions or care if people have a negative leave balance. We work extremely hard and trust our team to take the time they need to recharge.

• Offices in Christchurch CBD and on Auckland’s Karangahape Road. We invest heavily in our offices (standing desks, healthy snacks, quality coffee, drinks on tap) to ensure they’re places people are excited by, where they build relationships and get their best work done.

• Learn from the best. Whether it’s during a ‘Lunch n Learn’ or hearing from a unicorn CEO at a Fireside chat, you’ll have the opportunity to constantly learn from the world’s best.

• Quarterly season openers & annual global offsite. Connect regularly at the nearest centralised location for a week of collaboration, big-picture planning and team events.

• Team connection. Monthly team lunches, celebrating our wins, happy hours and more!

• Parental leave and flexible return to work. Do what works for you. Primary carers can return with 4-day weeks (on 100% pay for the first 12 weeks). Secondary carers get 10 days full pay.

• Payroll Giving: We encourage generous giving and donate to the high-impact charities you support

🛬 Relocation

• If you are relocating from overseas or domestically to Partly HQ, we offer a generous relocation allowance to support your move