Security Engineer

At Trustly, we’re passionate about simplifying the way people pay and get paid online. We’re a licensed payment institution and our B2B products available across Europe, North America and Australia attract global merchants in segments such as e-commerce, telecom, travel, financial services, and gaming. In June 2018, private equity firm Nordic Capital acquired a majority stake in Trustly with ambitions to support us in becoming the leading global online banking payments provider.
We are a diverse and fast-growing team with our headquarters in Stockholm, Sweden, and 9 additional offices across Europe and North America. Together we are leading the development of the payments industry and the work you’ll do here will make a great impact. Trustly is a tech company at heart. Two of our three founders are developers and you’ll get the chance to work alongside many talented and motivated colleagues who will help you learn and grow.

About the role: 
As part of fulfilling the objective of becoming the leading global online banking payments provider, we are strengthening our capability in the information and cyber security area. Just recently we restructured our internal setup within the security area allowing us to scale and teams to focus. To get us going we are now looking for additional Security Engineers to join the team focusing on our product security in Europe. 
As Security Engineer at Trustly, you will be part of a team of security professionals ensuring security lies in the core of everything we build and operate. We combine our expertise in providing security services to the organisation with automating security controls wherever and whenever possible. The team is undergoing an expansive phase and you will have great opportunities to influence what we do and how we do it.
That said, your work will be within one or more of the following areas:  
Vulnerability Management: 
- Ensure the vulnerability management program maintains coverage of all applicable assets. - Build automation that makes sure our tools are up to date and supports our teams to keep our software secure.- Make initial assessment of reported vulnerabilities and ensure information is shared with the relevant internal teams.  
Application Security: 
- Perform security assessments of the solutions we build through design reviews, code reviews as well as performing dynamic testing, working closely with the development teams. - Provide development teams with security guidance in different stages of the development process.- Hold training within secure coding practices to the development teams.- Research and implement security controls on top of the CI/CD pipeline.  
Red team:
- Design and execute internal penetration testing activities targeting applications, infrastructure, endpoints, or even physical locations.- Compromise hosts and data with exploitation of vulnerabilities to assess actual risks involved and understand what controls that failed to protect.- Lead and coordinate external penetration testing activities.- Lead exposure assessments when vulnerabilities are discovered. - Lead and coordinate incident response activities.- Security control effectiveness reviews

We believe you have the following qualities:

• You have spent a few years in the area of cyber security doing hands-on technical security work.
• You enjoy working in a fast-paced organisation where you will be challenged daily to make sure security enables our maintained speed forward rather than inhibiting it.
• Excellent written and spoken English skills are a must. Other language skills, especially Swedish, are a merit.
• Holding an active EU or Swedish work permit.
• Prefers to spend the majority of your working time in our Stockholm office in line with our hybrid working policy.

In addition the above, we believe you have experience in following areas:

• Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorisation, applied cryptography, security vulnerabilities and remediation.
• Experience with SIEM/SOAR systems as a user and/or developer.
• Experience with security incident response and/or system forensics.
• Experience from hands-on technical security assessments such as penetration tests, web application tests, code reviews etc.
• Experience as a developer or working with application developers in "shifting left", introducing security controls early on in the development process.
• Experience of building and maintaining a good security posture in cloud environments.
• Knowledge of one or more programming languages like Java, Python or Go.
• Any security certification (e.g.: OSCP, OSWE, BTL or similar) will be considered a merit.