Senior Product Security Engineer

Your mission

We are looking for a Product Security Engineer to ensure the confidentiality, integrity, and availability of our systems and applications. You will work closely with development teams to identify and mitigate security vulnerabilities throughout the software development lifecycle. This includes performing security assessments, implementing secure coding practices, and driving the adoption of best-in-class security technologies. Your work will span traditional applications as well as Web3 technologies.

We can offer you an exciting and fast-paced environment with some very unique security challenges. Security is Finoa's business, and you will have an important and impactful voice within the organization.

In this role, you will:

1. You will work closely with Product and Infrastructure teams across the organization to integrate secure practices into all stages of the software development lifecycle, from product inception to operations.
2. You will conduct code reviews and penetration tests for Finoa applications, as well as manage the delivery of external assessments.
3. Conduct threat modelling to identify potential risks as early as possible in the development lifecycle.
4. Conduct security assessments and provide security recommendations for new libraries, integrations, and vendors.
5. You are open to working on adjacent security functions as needed, such as infrastructure security and threat detection, and have an always learning mindset.
6. Deploy and manage secrets management solutions to enhance security controls.
7. Deploy and manage SAST, DAST, and SCA tools to automate security testing. Tune and tailor this tooling for Finoa's stack.
8. Perform threat modeling, vulnerability assessments, and cryptographic security reviews.
9. Provide security guidance to development teams on secure coding practice and secure software architecture.
10. Ensure compliance with industry security standards and best practices.
11. Collaborate with cross-functional teams to improve security posture across the organization.

What you need to be successful:

1. Experience deploying and managing SAST, DAST, and SCA tooling.
2. Strong understanding of secure coding, threat modeling, cryptography, and blockchain security.
3. Hands-on experience with vulnerability assessments, penetration testing, security monitoring, and incident response.
4. Knowledge of security best practices in AWS.
5. Familiarity with key management solutions and PAM systems.
6. Certifications such as OSCP, OSWE, or AWS Security are a plus.
7. Excellent communication and collaboration skills to work with development and security teams.
8. Experience with scripting and automation of security related tasks.
9. Experience working with HSMs or other secure computational technologies is a big plus.
10. Previous experience working with crypto or crypto related technologies is also a plus.

What's in it for you:

1. Accelerate your career growth by joining one of Europe's leading cryptocurrency management platforms.
2. 25 vacation days per year, with an additional day for each year of service - up to 30 days.
3. Access to cutting-edge technologies, high levels of autonomy, and international working environment.
4. Flexible working hours, hybrid work setup from both our Berlin and Porto offices.
5. Fitness (Urban Sports Club) and mental health (Likeminded) memberships.
6. Hot/cold drinks and snacks in the office, and All Hands meetings once a month with pizza.