Golang Job: Information Security Engineer

Company

Upvest

Location

Berlin - Germany

Job type

Full-Time

Golang Job Details

We’re looking for fintech enthusiasts to join us in creating the financial infrastructure of tomorrow. We’re building the first European Investment API to enable any financial institution to offer a broad range of investment products in their apps. Our view is backed by Europe's largest tech VCs (Earlybird, Notion Capital, Partech, HV Capital, ABN AMRO Ventures) and by renowned fintech entrepreneurs (including Maximilian Tayenthal, founder of N26, and Felix Haas, founder of IDnow).


At Upvest, our vision is to make investing as easy as spending money. By enabling any business to offer investment opportunities, our goal is to empower anyone to invest. Today, we count 50+ talented people from 20 different countries.


Security is more than just a team at Upvest; it's a cultural cornerstone. In fact, while modest in size, the security team has been around longer than most other teams at Upvest, which should give you an indication of how central security is to our culture and business. We work very closely and cross-organisationally with teams like Product & Engineering, People, and Compliance & Risk.


With the luxury of building in a greenfield environment, we're focused on bringing the absolute best practices, built on top of cutting-edge technology and techniques. This means, in addition to working with tech stack mainstays, we are always seeking out new and novel ways to maximise Upvest's use of technology and continuously improve reliability, resilience and security posture.


If your passion is technology and security, come join us in building the bank of the future.

Your mission:

As a Product Security Engineer, you will work with the Engineering team to build secure products, ensuring security controls are available by default and educating stakeholders on best practices and standards. You will also detect vulnerabilities and triage them with appropriate owners, use vulnerability remediation tools and practices, and follow compliance standards and frameworks. Major projects may include building/installing application security testing tooling (especially automated tooling), defining our vulnerability management, runtime protections, and coordinating across our teams to communicate security policies and standards.


We’re a company based in Berlin, Germany, but we are an English-speaking team, so no German knowledge is required. Bring along a passion for building tomorrow’s financial infrastructure from the ground up!

Responsibilities we’ll trust you with:

  • You’ll work with the rest of the Security team to conduct secure architecture reviews and facilitate threat modelling workshops with the Product and Engineering teams to identify security risks and ensure security requirements are defined

  • Using whatever security tools you need to identify security vulnerabilities and remediate them early in the Development Lifecycle.

  • Build automation for detecting and responding to security vulnerabilities in CI/CD pipeline.

  • Expertise in security engineering, system or network security, security protocols, cryptography, and application/API security.

  • Passion to advocate and implement Secure SDLC

  • Conduct penetration testing on our products (tools are up to you!)

  • Identifying product coding/configuration flaws, how attackers might exploit them, and how an engineer might fix them

  • Evaluate new technologies and vendors to improve our security

What you’ll bring:

  • A real passion for information security, staying abreast of developments in the field, and a desire to share knowledge and educate others

  • At least 5 years of experience working in cyber security

  • A strong foundation in general cybersecurity practices with deep technical knowledge in web application/API security

  • Experience with architecting and implementing a Secure Software Development Lifecycle

  • Knowledge of setting up automated security testing and monitoring tools

  • Experience with threat modelling

  • Excellent communication skills and the ability to articulate complex concepts to other Upvengers. Our security team operates on a consulting model; effective, constructive, supportive, and meaningful communication is key.

It’s nice if you have:

  • Prior experience with cloud computing and security (ideally with Google Cloud Platform)

  • Knowledge of the technologies in our modern tech-stack (Golang, Kafka, Postgres/CloudSQL, Docker, k8s)

  • Knowledge of cryptographic primitives and modern authentication protocols (JWTs, OAuth, etc.)

  • Experience with certifications in the IT security space, even better in the Financial space (BAIT, MaRisk, ISO27001, SOC2, etc.)

  • Previous understanding of event-driven architectures

How we Upvest in you?

  • Greenfield projects. We’re building something quite complex and a first in Europe. This means we’re working with cutting-edge technologies and with no legacy code.

  • Wellbeing. At Upvest, everyone has access to our in-house coach, with whom you can have regular sessions to support you personally and professionally.

  • Development. In keeping with one of our core values, ‘Learn and Grow’, every Upvenger has access to a development budget. In line with one of our other values, ‘Own the Outcome’, how you choose to make the most of it is up to you.

  • Flexibility. We work in a hybrid setup with the team distributed around Germany and Europe. We give you the choice (and budget) to spend your time where you are most comfortable and productive, either at home or the office. You choose.

Our values:

  • Learn and grow. We aim high to shape our future. We give and request honest feedback knowing that we develop together. Progression over Perfection.

  • Team first. We make it easy for others. We value our differences and are open to others' opinions. We win and celebrate together! Team over Egos.

  • Own the outcome. Whether we win or we lose, we stand together. We are proactive and get the job done. Outcome over Process.

  • Tell the story. We always start with the why. We share knowledge to empower others. Transparency over Complexity.


Location


We’re based in Berlin but would consider hiring remotely for this role. If you do want to move to Berlin though, we’re happy to support your relocation.