Security Engineer

Edge Fundraising Cloud SIEM-System Budget across ACT! CAN Übersetzungssoftware MS Access Mobile App Make FinTech Go Support Cyber-Security Engineering, * Wellbeing: Access confidential professional coaching for your growth and recharge with 30 days of annual leave. We offer the flexibility to work from a different location for up to 183 days a year.

• Compensation and equity: We believe that all Upvengers contribute to our success and deserve a competitive, above-market salary and a participation in our employee equity program.
• Team celebrations: Participate in company-wide events, such as UpFest, dinners, offsites and our Holiday party, to connect with colleagues and celebrate our achievements.

Your Impact:

We are a dedicated security team of 9 working to ensure we strictly follow the principles of secure-by-design, zero trust, and the principle of least privilege. We have the luxury of building a security function in a greenfield environment, which means we operate at the cutting edge with modern best practices. We are always seeking out and open to new and novel ways to improve the security posture of our company.

Security isn't just about our team though, at Upvest it's part of the culture. The team itself is one of the oldest within (our young) company, which should show you how it's always been a central tenet of how Upvest defines itself. Within the security team you will have a large view of the whole organisation and work closely with every department.

What you'll do:

• Act as a security subject matter expert for the entire company, operating across multiple disciplines from application and cloud security to GRC. While your work will be broad, your primary focus will be on partnering with our Product Engineering teams to embed a "secure by default" mindset.
• Work with our team and Product and Engineering to perform detailed security architecture reviews of new functionality (facilitating threat modeling is a plus).
• Field security questions and requests with confidence and an aim to mentor and educate.
• Scale the security team by finding areas where security tasks can be automated (and improved).
• Be comfortable working with the cloud (specifically Google Cloud is a plus) and how to tackle its security challenges.
• Ensure that across the product and cloud we have the technical measures in place to continue meeting our own standards, obligations, regulations and certifications (ISO27001, ISAE3402 Type 2, DORA, etc).
• Drive high-impact initiatives and be a present security advocate.

• A real passion for information security, staying abreast of developments in the field, and a desire for knowledge sharing and educating others.
• Experience working in the field of Cyber Security and a degree in a related field.
• A strong foundation in cybersecurity principles and an understanding of frameworks and methodologies, including MITRE ATT&CK, Cyber Kill Chain, incident response frameworks (NIST, SANS), and threat hunting techniques.
• Experience with being on the security side of an SSDLC; i.e. improving it, socialising it, and implementing it.
• Experience with threat modeling, or security reviews.
• Excellent communication skills and empathy, security is a complex topic which you have to be able to explain to audiences of various levels of previous exposure or learning.

Your plus would be:

• Relevant cloud experience (familiarity with Google Cloud).
• Passion for DevSecOps.
• Experience with Go.
• Comfortable working with EDR and SIEM solutions.
• Ideally you will be based in Berlin. If you're currently located elsewhere but would like to move, we're happy to support your relocation.