Platform Security Engineer
Note: Partly is headquartered in the UK, with a Product and Engineering HQ in Christchurch, New Zealand, and an early presence in San Francisco, USA. If you are based outside of a Hub, we will fly you to the nearest Hub for 1 week per quarter for our “Season Openers” (we pay for your travel and accommodation).
🚀 Our story
Partly's mission is to connect the world's parts and we're doing that by building the first global platform for replacement parts, starting with auto parts. Our big vision is to accelerate the world toward a sustainable future where anyone can fix anything.
Founded by ex-Rocket Lab engineers, we utilise cutting-edge technology to solve challenging but exciting problems that make a huge impact in a $1.9 trillion industry. We've more than tripled our team over the last 12 months and expect to double in size again over the coming 12 months. We're a global team spanning both Europe and Australasia.
We provide a scalable digital infrastructure solution to some of the world's largest businesses and the most exciting startups. Partly's solutions are integrated across hundreds of companies globally, providing the backbone for cataloguing and managing parts online.
Our investors include Blackbird Ventures (Canva, CultureAmp etc.), Square Peg, Octopus Ventures, Icehouse, Peter Beck (Rocket Lab), Akshay Kothari (Notion Co-Founder) and Dylan Field (Figma Co-Founder).
We're continuing to build a world-class team and ensuring Partly is a place where people can do the best work of their lives. We're proud of the culture we've built at Partly, and our values are lived throughout every experience.
🖍️ This role
The Platform Security Engineer will own Partly's security posture while contributing to platform reliability, reporting to the Platform Lead.
This role combines infrastructure security with platform reliability - someone who can harden our systems while keeping them running. Not a pure "checkbox compliance" role; we need someone who can implement technical controls and work hands-on with infrastructure. You'll be the first dedicated security hire at Partly, building processes from scratch while partnering closely with our SRE team.
💻 What will you do
Keep Partly reliable and secure. Participate in on-call rotation alongside the SRE team. Own security incident response planning and testing. Lead post-incident reviews for security-related incidents and participate in availability incidents. Build security event monitoring and alerting.
Own our security posture and compliance. Prepare for and pass security audits (ISO 27001, future SOC 2). Maintain continuous compliance via Vanta - ensuring controls are implemented, not just documented. Respond to enterprise customer security questionnaires. Maintain and communicate the risk register to engineering and leadership.
Harden our infrastructure. Implement the principle of least privilege across the stack - PostgreSQL roles for applications, Kubernetes RBAC refinement, ensuring applications only get the secrets they need. Drive network segmentation and zero-trust progress using Cilium network policies and Kyverno admission policies. Make production access read-only by default for developers.
Manage vulnerabilities systematically. Implement and operate our vulnerability scanning pipeline using Trivy, Renovate, and Falco. Own the vulnerability triage process - severity assessment, prioritization, tracking to resolution. Coordinate remediation with service owners and report on metrics and trends.
Want to learn more about the problems we're solving and the culture we're building at Partly? Hear directly from our team here: https://shorturl.at/DPDdl
🥷 Your skills
(Preferred) 5+ years in security engineering, platform engineering, or SRE with strong security focus. You've done this before and can hit the ground running with minimal hand-holding.
(Preferred) Hands-on Kubernetes security experience. You understand RBAC, network policies, and admission controllers. You've implemented security controls in production K8s environments.
Compliance framework experience. You've worked with at least one of ISO 27001, SOC 2, or PCI-DSS. You understand the difference between checkbox compliance and actually being secure.
Cloud security expertise. Strong understanding of cloud security principles. GCP experience preferred. You know how to secure cloud infrastructure.
Infrastructure-as-code practitioner. Experience with Terraform, ArgoCD, GitOps workflows. You believe infrastructure changes should go through code review.
Clear communicator. Ability to communicate security risk to non-technical stakeholders. You can translate technical vulnerabilities into business risk.
(Bonus) CNCF security tooling experience. Cilium, Kyverno, Falco, or similar tools. Container security and supply chain security (SBOM, image signing).
(Bonus) Rust or Go experience. Our backend languages - helpful for understanding the systems you're securing and reviewing security-sensitive code.
Please note: if you don't have all the skills/experience listed above but believe you could be outstanding in this role, please still consider applying. Many folks, especially those from underrepresented or marginalised groups, often count themselves out. Please allow us to learn more about you and why you're exceptional!
Our Benefits
Healthy, Catered Lunches - Enjoy fresh, healthy lunches every workday in our Auckland, Christchurch, London and San Francisco offices. With no meal prep needed, you can eat, connect, and refuel with your team. (And yes, snacks and drinks are always on hand.)
Healthy Body, Healthy Mind - We care about performing at our peak. Every team member gets a $1,500 annual wellness allowance (or local equivalent) on a Partly-branded card. Use it on things such as gym memberships, rock climbing, physio, massage, GP visits, prescriptions; anything that you, or your family, need!
Family Comes First - Primary caregivers receive 3 months of fully paid parental leave, plus a flexible return-to-work (four days on full pay for your first three months back).
Getting Here Is On Us - If you commute to a Partly office or co-working space, choose from a paid 24/7 car park or commute allowance. One less thing to think about!
Workspaces That Inspire - Our brand new, architecturally designed offices are built for collaboration and creativity, with great coffee, social spaces, and some of the best cafes a few steps away.
Office-First with Flexibility - In cities where we have an office (Christchurch, Auckland, London, San Francisco), we default there every day. This lets us move faster, make better decisions and build strong relationships. We also operate with a very high trust environment, so you can manage your time around your life, and flex your schedule to get your best work done.
We Celebrate Together - From weekly happy hours and monthly lunches to quarterly season openers and an annual global offsite, we make time to connect, celebrate, and have fun as one team.
🛬 Relocation
- If you are relocating from overseas or domestically to Partly HQ, we offer a generous relocation allowance to support your move