Security Engineer
Stockholm, Sweden
Trustly
Trustly, as a simple and fast online banking payments solution, enables consumers and merchants to carry out in and out payments using their bank account. We are a diverse and fast-growing team with our headquarters in Stockholm, Sweden, and 9 additional offices across Europe and North America. Together we are leading the development of the payments industry and the work you’ll do here will make a great impact. Trustly is a tech company at heart. Two of our three founders are developers and you’ll get the chance to work alongside many talented and motivated colleagues who will help you learn and grow.
About the role:
As part of fulfilling the objective of becoming the leading global online banking payments provider, we are strengthening our capability in the information and cyber security area. Just recently we restructured our internal setup within the security area allowing us to scale and teams to focus. To get us going we are now looking for additional Security Engineers to join the team focusing on our product security in Europe.
As a Security Engineer at Trustly, you will be part of a team of security professionals ensuring security lies at the core of everything we build and operate. We combine our expertise in providing security services to the organisation with automating security controls wherever and whenever possible. The team is undergoing an expansive phase and you will have great opportunities to influence what we do and how we do it.
That said, your work will be within one or more of the following areas:
Vulnerability Management:
- Ensure the vulnerability management program maintains coverage of all applicable assets.
- Build automation that makes sure our tools are up to date and supports our teams to keep our software secure.
- Make initial assessment of reported vulnerabilities and ensure information is shared with the relevant internal teams.
Application Security:
- Perform security assessments of the solutions we build through design reviews, code reviews and dynamic testing, working closely with the development teams.
- Provide development teams with security guidance in different stages of the development process.
- Hold training in secure coding practices for the development teams.
- Research and implement security controls on top of the CI/CD pipeline.
Red team:
- Design and execute internal penetration testing activities targeting applications, infrastructure, endpoints, or even physical locations.
- Compromise hosts and data through exploitation of vulnerabilities to assess the actual risks involved and understand which controls failed to protect.
- Lead and coordinate external penetration testing activities.
- Lead exposure assessments when vulnerabilities are discovered.
- Lead and coordinate incident response activities.
- Security control effectiveness reviews.
We believe you have the following qualities:
- You have spent a few years in the area of cyber security doing hands-on technical security work.
- You enjoy working in a fast-paced organisation where you will be challenged daily to make sure security enables our maintained speed forward rather than inhibiting it.
- Excellent written and spoken English skills are a must. Other language skills, especially Swedish, are a merit.
- You hold an active EU or Swedish work permit.
- You prefer to spend the majority of your working time in our Stockholm office, in line with our hybrid working policy.
In addition to the above, we believe you have experience in the following areas:
- Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorisation, applied cryptography, security vulnerabilities and remediation.
- Experience with SIEM/SOAR systems as a user and/or developer.
- Experience with security incident response and/or system forensics.
- Experience from hands-on technical security assessments such as penetration tests, web application tests, code reviews etc.
- Experience as a developer or working with application developers in "shifting left", introducing security controls early on in the development process.
- Experience of building and maintaining a good security posture in cloud environments.
- Knowledge of one or more programming languages like Java, Python or Go.
- Any security certification (e.g. OSCP, OSWE, BTL or similar) will be considered a merit.
Perks/benefits: Career development, Team events