We’re looking for fintech enthusiasts to join us in creating the financial infrastructure of tomorrow. We’re building the first European Investment API to enable any financial institution to offer a broad range of investment products in their apps. Our view is backed by Europe's largest tech VCs (Earlybird, Notion Capital, Partech, HV Capital, ABN AMRO Ventures) and by renowned fintech entrepreneurs (including Maximilian Tayenthal, founder of N26, and Felix Haas, founder of IDnow).
At Upvest, our vision is to make investing as easy as spending money. By enabling any business to offer investment opportunities, our goal is to empower anyone to invest. Today, we count 100+ talented people from 20 different countries.
Security is more than just a team at Upvest, it's a cultural cornerstone. In fact, while modest in size, the security team has been around longer than most other teams at Upvest, which should give you an indication of how central security is to our culture and business. We work very closely and cross-organisationally with teams like Product & Engineering, People, and Compliance & Risk.
With the luxury of building in a greenfield environment, we're focused on bringing the absolute best practices, built on top of cutting-edge technology and techniques. This means, in addition to working with tech stack mainstays, we are always seeking out new and novel ways to maximise Upvest's use of technology and continuously improve reliability, resilience, and security posture.
If your passion is technology and security, come join us in building the bank of the future.
As a Cloud Security Specialist on the Security team, you will work closely with Engineering's Platform team to build out a secure cloud infrastructure and to enable our world-class investment API to be hosted and deployed securely. Along with the rest of the security team, you will ensure security controls are available by default and educate stakeholders on best practices and standards. Especially as it pertains to the cloud, you will be the subject matter expert on cloud-native threats, and work to ensure our infrastructure setup meets our security or business certification requirements. You will also detect risks and issues, and introduce and socialise remediations to the appropriate teams.
We’re a company based in Berlin, Germany, but we are an English-speaking team, so no German knowledge is required. Bring along a passion for building tomorrow’s financial infrastructure from the ground up!
Responsibilities we’ll trust you with:
- Manage, plan, and execute security-related aspects within the cloud as part of the SSDLC, and across our deployments.
- Participate in, lead, and jointly deliver security evaluation reports on our cloud-native infrastructure.
- Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, and by researching cloud infrastructure security standards such as the ISO 27000 series, NIST CSF, and CSA, and how they pertain to Upvest.
- Identify and deliver appropriate controls based on industry-relevant standards (BAIT, MaRisk, SOC2, etc.) to drive our security posture against cloud-native threats and potential business risks.
- Continually evaluate new threats in the cloud, identify their impact on our IT and business, and develop and implement security controls.
- Provide recommendations for improvement and risk reduction, and act as a change agent within our teams.
What you’ll bring:
- Knowledge and understanding of current popular cloud provider solutions and cloud orchestration tools (mainly GCP, Terraform, Kubernetes, Docker, and anything you think would be helpful for us!)
- Strong domain expertise of cloud infrastructure compute, network, and storage as well as the cloud control plane
- Knowledge of virtualization, containers, service-mesh (Linkerd) and enterprise service business
- Experience in entirely cloud-native deployments and infrastructures
- Ability to explain and drive security-related remediation efforts
- Experience in designing, implementing, and delivering security for cloud-native, distributed computing and architectural solutions with the principle of “Secure by Design” and “Zero Trust”
- Expertise in generating security architectural requirements for software development and product teams, and an ability to help the rest of the security team with their threat modelling and security workshops
- Excellent communication skills and the ability to articulate complex concepts to other Upvengers. Our security team operates on a consulting model; effective, constructive, supportive, and meaningful communication is key.
It’s nice if you have:
- Knowledge of the technologies in our modern tech stack (Golang, Kafka, Postgres/CloudSQL)
- Experience with certifications in the cyber security space, even better in the Financial space (BAIT, MaRisk, ISO27001, etc.)
- Previous understanding of event-driven architectures
- Previous experience and expertise in GCP
- A cloud-related security certification, like CCSP
How we Upvest in you:
- Greenfield projects. We’re building something quite complex and a first in Europe. This means we’re working with cutting-edge technologies and with no legacy code.
- Wellbeing. At Upvest, everyone has access to our in-house coach, with whom you can have regular sessions to support you personally and professionally.
- Development. In keeping with one of our core values, ‘Learn and Grow’, every Upvenger has access to a development budget. In line with one of our other values, ‘Own the Outcome’, how you choose to make the most of it is up to you.
- Flexibility. We work in a hybrid setup with a team distributed around Germany and Europe. We give you the choice (and budget) to spend your time where you are most comfortable and productive, either at home or the office. You choose.
- Learn and grow. We aim high to shape our future. We give and request honest feedback knowing that we develop together. Progression over Perfection.
- Team first. We make it easy for others. We value our differences and are open to others' opinions. We win and celebrate together! Team over Egos.
- Own the outcome. Whether we win or we lose, we stand together. We are proactive and get the job done. Outcome over Process.
- Tell the story. We always start with the why. We share knowledge to empower others. Transparency over Complexity.
We’re based in Berlin but would consider hiring remotely for this role. If you do want to move to Berlin though, we’re happy to support your relocation.