Security Lead

We’re a startup of around 40 people building a platform used by large digital banks and regulated industries. Our stack runs entirely on Google Cloud (GCP) with strict uptime, data protection, and compliance requirements.

We’re hiring our first dedicated security role to take ownership of our security posture, improve secure engineering practices, and set up a lean security operations function.

What You’ll Do

This is a hands-on role. You’ll:

Improve security across the stack, covering secure coding, secrets and key management, and overall infrastructure hardening

Set up and maintain security monitoring on GCP, with automated detection and response where practical

Integrate security into CI/CD and infrastructure, including vulnerability scanning and IaC checks

Triage inbound vulnerability reports, determine validity, coordinate fixes, and handle communication

Manage penetration testing, drive remediation, and coordinate with external security vendors such as pen testers and auditors

Lead security aspects of incident response, including investigations, documentation, and working with customers or regulators when needed

Support ISO27001, SOC2 and similar controls and audits with engineering and compliance teams

What We’re Looking For

Experience in cloud security (GCP preferred), IAM, Kubernetes, and securing infrastructure

Solid application security background: secure coding, vulnerability management, integrating security into CI/CD

Incident response experience, working with detection tools or managing investigations

Comfortable handling both technical security work (code, Terraform, GCP configs) and external conversations with customers or auditors

Familiarity with ISO27001, SOC2, or similar audits is helpful

Directly manage security for a platform used by large financial and regulated customers

Work closely with founders, engineering, and customers

Modern, cloud-native environment without unnecessary overhead

Competitive pay and flexibility