Who We Are
Bayzat is at the forefront of transforming workplaces through innovative solutions in HR, Payroll, Finance, and Insurance. Renowned as a leading SaaS platform for employee benefits and a key player in the Insurance sector, we are committed to our mission: empower every company to create a remarkable workplace by supercharging people processes and payments.
As one of the MENA region's fastest-growing Scale-Ups, Bayzat is celebrated for its innovative product offerings, backed by over 300 team members from 35+ nationalities. Recognized by Forbes as a promising UAE-based startup and supported by leading VCs like Mubadala and Point72 Ventures, we are among the best-funded HRTech scale-ups in the region.
At Bayzat, culture is paramount. We are a principle-driven, merit-based organization where authenticity, collaboration, and unpretentiousness thrive. Joining Bayzat means immersing yourself in an environment of high achievers, tackling complex challenges, and constantly striving for success. Our culture inspires continuous learning and excellence, allowing you to work with and be inspired by some of the brightest minds in the industry.
Our journey to success is anchored in our commitment to innovation, empowering businesses with features designed to optimize efficiency and elevate employee experiences. Whether enhancing people processes, streamlining payments, or enabling smarter decisions, Bayzat is redefining what it means to create a truly remarkable workplace.
About The Role
We are looking for a forward-thinking Security Engineer to evolve our security posture from'gatekeeper to enabler. You will not just find bugs; you will architect the automated guardrails that allow our developers to ship code fast and securely. As a core member of the Engineering team, you will tackle security challenges across our entire stack; from traditional Web/Mobile apps and Cloud Infrastructure (AWS) to our emerging AI-driven features. You will play a pivotal role in defining how we secure Generative AI integrations and protect our customer data in an era of evolving threats.
Some High-impact Responsibilities You Will Be Entrusted With
Application & AI Security (AppSec)
- Secure the AI Frontier: Lead threat modeling and security reviews for new product features, specifically focusing on LLM (Large Language Model) integrations. You will mitigate risks such as Prompt Injection, Data Poisoning, and Model Theft (adhering to the OWASP Top 10for LLMs).
- Shift-Left Security: Embed security into the SDLC. Integrate SAST, DAST, and SCA(Software Composition Analysis) tools directly into our CI/CD pipelines to catch vulnerabilities before they reach production.
- Vulnerability Management: Move beyond manual reporting. Triage results from automated scans and Bug Bounty programs, and work directly with developers to implement remediation patches.
Cloud & Infrastructure Security
- Cloud-Native Protection: Harden our AWS environment using industry best practices (CIS Benchmarks)
- Infrastructure as Code (IaC) Security: Review and secure Terraform/CloudFormation scripts to ensure infrastructure is secure by design before it is deployed.
- Container Security: Implement security controls for Docker containers and Kubernetes (K8s)clusters, ensuring isolation and minimizing the attack surface.
Operations & Culture
- Automate Everything: Use Python, Go, or Bash to write scripts that automate repetitive security tasks, alerting, and incident response workflows.
- Security Champions: Mentor developers and product managers. Run internal workshops on secure coding practices (including safe use of AI coding assistants like Copilot).
- Incident Response: detect, investigate, and respond to security anomalies using modern SIEM tools.
Technical Skills
What you will need to have:
- Experience:3+ years in Security Engineering, DevSecOps, or a related field.
- Coding: Proficiency in at least one scripting language (Python, Go, or Ruby) to read code and write automation tools.
- Cloud Fluency: Deep understanding of AWS services (IAM, VPC, Guard Duty, WAF, Inspector) and container orchestration (Kubernetes)
- AppSec Tooling: Hands-on experience with tools like Burp Suite, OWASP ZAP, Snyk, SonarQube, or similar enterprise equivalents.
- AI/ML Knowledge: Familiarity with the security implications of Generative AI, RAG (Retrieval-Augmented Generation) architectures, and API security.
Soft Skills & Mindset
- Builder Mindset: You don't just say No; you say Here is the secure way to do it.
- Communication: Ability to translate complex security risks (like an Insecure Direct Object Reference or a Prompt Injection) into business terms for Product Managers.
- Curiosity: A demonstrated history of self-learning (e.g., HTB, TryHackMe, or building your own labs).
Bonus Points
- Experience in implementing controls for compliance frameworks such as ISO 27001, SOC 2,PCI DSS, or similar frameworks.
- Active participation in the security community (Bug Bounties, GitHub contributions, CTFs).
- Certifications: OSCP, CISSP, AWS Security Specialty, or CKS (Certified Kubernetes SecuritySpecialist).
- Experience securing Vector Databases (e.g., Weaviate, Pinecone, Milvus)
What's In It For You
At Bayzat, we don't sell beanbags or buzzwords as culture we build an environment where high achievers thrive. You'll work alongside some of the hungriest, most driven people you'll ever meet, in a place that rewards performance, not politics.
Here's What You Can Expect
- Meritocracy at its core: Your value creation and impact define your growth, not titles or tenure.
- Freedom to shape your path: We support cross-functional moves and growth transitions when you drive value.
- Real feedback culture: Feedback is coaching empowering you to find your own answers and elevate your game.
- Barrier-free collaboration: Impact matters more than hierarchy. If you can create value, you'll have a seat at the table even with the CEO.
- Accelerated growth: Fast-track opportunities for top performers; no artificial limits.
- Flexible work setup: Remote and hybrid options designed around performance.
- Inclusive culture: Regular company-wide all-hands, OKR tribe meetings, and annual awards that celebrate real impact.
This isn't for everyone but if you want to be pushed, inspired, and rewarded for what you deliver,
welcome to Bayzat. 
