On - Lead – Platform Security Engineer - Zürich

Team for Career Site

Technology

In short

At On, our technology moves as fast as our runners: always evolving, always pushing boundaries. We’re building a world-class platform to ignite the human spirit through movement, and our Information Security team is the trusted guardian of that mission.
Join a collaborative team of curious minds who believe security should not stop at recommendations. We are moving security closer to engineering — into the code, pipelines, platforms, cloud environments, and identity systems where risks are created and remediated.
We are looking for a Platform Security Engineer who wants to work side-by-side with Engineering, Platform & Ops, and Cloud Security Architecture teams. This is a deeply hands-on role for someone who can open pull requests, build guardrails, remediate vulnerabilities, reduce attack surface, and help make secure engineering the default way of working at On.
This role is for someone who sees security not as a gate, but as a force multiplier for engineering excellence.

Your mission

As a Lead Platform Security Engineer, your mission is to turn security requirements into implemented controls. You will work directly with Engineering, Platform & Ops, and Cloud Security Architecture teams to embed security into how platforms and products are designed, built, deployed, and operated.
You will move beyond advisory security by contributing directly to platform repositories, CI/CD pipelines, infrastructure-as-code, identity controls, and security automation. Your success will be measured by risk reduction: merged fixes, fewer repeat findings, stronger guardrails, and a more resilient engineering ecosystem.

– Work side-by-side with Engineering, Platform & Ops, and Cloud Security Architecture teams to translate security requirements, threat models, and vulnerability findings into practical engineering outcomes.
– Contribute hands-on to platform, CI/CD, infrastructure-as-code, and security-control repositories through pull requests, configuration changes, automation, and policy-as-code.
– Build and improve scalable security guardrails across the software delivery lifecycle, including secrets scanning, dependency scanning, infrastructure-as-code checks, secure build controls, and AI development workflows.
– Partner with engineering teams to remediate vulnerabilities, reduce attack surface, and prevent recurring findings through direct fixes, paired engineering work, or automated controls.
– Strengthen identity and access security for both human and non-human identities, including service accounts, CI runners, automation workflows, coding agents, MCP servers, and bots.
– Support secure-by-design reviews and threat modeling for cloud, platform, identity, CI/CD, and AI-enabled development, ensuring risks are addressed before implementation starts.
– Participate in operational ownership for security-relevant infrastructure and controls you materially contribute to, including root-cause analysis and incident remediation where needed.

Your story

You are a hands-on lead security engineer who enjoys working close to engineering teams, platforms, code, and infrastructure. You are not satisfied with writing recommendations and waiting for someone else to implement them. You like to build, fix, automate, and improve the system at the source.

You combine strong security judgment with practical engineering skills and know how to make security controls work in real-world development environments.

– You bring 10+ years of experience in security engineering, platform security, cloud security, DevSecOps, application security, or infrastructure security.
– You have hands-on experience contributing to engineering workflows using Git, pull requests, code reviews, CI/CD pipelines, automation, or infrastructure-as-code.
– You are comfortable working with cloud environments, ideally including Google Cloud Platform, and understand cloud IAM, network exposure, platform security, and secure configuration patterns.
– You have practical experience with vulnerability remediation and know how to move from finding to fix, including validating closure and preventing recurrence.
– You understand CI/CD security and have experience with controls such as secrets scanning, dependency scanning, SAST, infrastructure-as-code scanning, policy-as-code, or secure build pipelines.
– You are familiar with identity and access security concepts, including least privilege, privileged access, service accounts, non-human identities, temporary access, and credential rotation.
– You are able to translate threat models, risk scenarios, and architecture requirements into concrete technical controls that engineers can implement and operate.
– You are curious about emerging AI security risks and motivated to secure modern development workflows involving AI-generated code, coding agents, MCP servers, and automation.
– You are a natural collaborator who can build trust with Engineering, Platform & Ops, Cloud Security Architecture, Cyber Defence, and GRC teams.
– You communicate clearly with both technical and non-technical stakeholders, focusing on practical risk reduction rather than theoretical security perfection.
– You have a pragmatic mindset and know how to balance speed, security, engineering quality, and business impact.

Meet the team

As a leading running brand, On’s technology division operates in a dynamic, fast-paced environment and plays a critical role in driving our business success. You will play an active role in accelerating the maturity of our security posture; this is a critical hire for a new Security Engineering function.
Your mission is to protect the company’s infrastructure and applications by being a pragmatic, trusted, and a collaborative partner to Engineering.