Security Lead

We’re a startup of around 40 people building a platform used by large digital banks and regulated industries. Our stack runs entirely on Google Cloud (GCP) with strict uptime, data protection, and compliance requirements.

We’re hiring our first dedicated security role to take ownership of our security posture, improve secure engineering practices, and set up a lean security operations function.

What You’ll Do

This is a hands-on role. You’ll:

• Improve security across the stack, covering secure coding, secrets and key management, and overall infrastructure hardening
• Set up and maintain security monitoring on GCP, with automated detection and response where practical
• Integrate security into CI/CD and infrastructure, including vulnerability scanning and IaC checks
• Triage inbound vulnerability reports, determine validity, coordinate fixes, and handle communication
• Manage penetration testing, drive remediation, and coordinate with external security vendors such as pen testers and auditors
• Lead security aspects of incident response, including investigations, documentation, and working with customers or regulators when needed
• Support ISO27001, SOC2 and similar controls and audits with engineering and compliance teams

What We’re Looking For

• Experience in cloud security (GCP preferred), IAM, Kubernetes, and securing infrastructure
• Solid application security background: secure coding, vulnerability management, integrating security into CI/CD
• Incident response experience, working with detection tools or managing investigations
• Comfortable handling both technical security work (code, Terraform, GCP configs) and external conversations with customers or auditors
• Familiarity with ISO27001, SOC2, or similar audits is helpful

Why Join Us

• Directly manage security for a platform used by large financial and regulated customers
• Work closely with founders, engineering, and customers
• Modern, cloud-native environment without unnecessary overhead
• Competitive pay and flexibility