Cloud Security Engineer

  • FourthLine
  • Barcelona, Spain
  • 27/09/2022
Full time Forex Fintech Information Security IT - Software Development

Job Description

At Fourthline, our mission is to fight financial crime. We help protect the global financial system by verifying millions of identities for banks, neobanks, online brokers, crypto exchanges, or insurers like N26, Vivid, Trade Republic, flatexDEGIRO, Wish, Solarisbank, and more.

Having started our mission in January 2018 only, we're incredibly proud to count around 350 employees between our Amsterdam and Barcelona offices, with over 50 nationalities and a nearly equal balance of genders.

Our Cloud Security Engineer will support securing the cloud infrastructure which underpins our products. We run a scalable and highly available platform on the cloud, and it requires matching security controls to ensure its safety, quality, and market edge. In other words, your work will support the security of our most critical assets!

What is it we ask from you then?

You will prototype, develop, implement, and maintain cloud-centric security solutions to protect our products and data – the personal data of users which our customers trust us to safeguard. Working side-by-side with other security engineers and platform automation engineers, the solutions you implement will be deployed to a distributed cloud platform across different environments.

You will often contribute with your creativity, ideas, and a fresh pair of eyes while you also further your knowledge the nitty-gritty details of cloud computing and security from our domain experts.

You will have the opportunity to explore multiple areas of information security when the demand is high, by supporting other members of the security team in their projects and initiatives.

We work in a Scrum-like fashion, where our goal is to deliver small improvements frequently to support big projects and initiatives. Securing our products one step at a time!

We will make sure you are given the tools, processes and technology to be a rock star in your area.

And did we define some tasks and projects around this as well then? Of course, we did!

  • You will design and prototype security controls for the cloud based on our security policies and other requirements
  • You will implement and maintain the solutions which provide security functions for the products or data hosted on our cloud environments
  • You will participate in code reviews and held internal workshops for other platform solutions to ensure they meet our security standards
  • You will be developing automation scripts, and infra as code for embedding our security standards into our cloud stack
  • You will benchmark our security controls against to CIS and continuously bring new ideas to harden the configuration and infrastructure
  • You will explore and enable the tools to help our life easier to manage, maintain, observe our cloud security exposure

“You are with us for one year from now and looking back you contributed to complete the yearly security engineering roadmap with the team, and established yourself as a knowledgeable, go-to cloud security engineer.

More importantly I’m delighted that some of those ideas came from you, some of them from the team members which you greatly contributed! Damn… that’s it!” – Mustafa, Head of IT Security, during your yearly review.

Background and skills

This is not going to be your first rodeo and we think it will not be your last either! We are looking for that positive minded personality with at least 2 years of experience can chop up these hard to chew topics in eatable portions that are workable and make sense to others. But also, a person that loves to take ownership of our (IT) security, policies and procedures.

Furthermore, you HAVE:

  • Bachelor’s degree ideally from the technical university
  • Ideally you come with experience as either Cloud Security Engineer / Application Security Engineer / SRE / Platform or Automation engineer / QA Engineer/ Penetration Tester / Offensive Security / Systems engineer

Practical knowledge in one or more of these areas is going to help us a lot:

  • Terraform / AWS / Kubernetes / IAM / Cryptography / SQL / C# .Net
  • CI/CD pipeline / GitOps / DevSecOps / SDLC
  • Scripting / programming languages such as Python/Ruby/Golang
  • Rest API / Mobile SDK security
  • Linux / Container security
  • Vulnerability management solutions / Threat modelling / Security architecture

Certifications in these fields are considered as additional value for us:

  • GIAC such as GCSA/GCPN/GCLD/GPCS
  • AWS or Azure Security Certification
  • Kubernetes certification

We encourage you to apply even if you don’t meet 100% of the criteria listed above. We may have asked a lot? Let’s have a talk how we can make you grow with us!

Our product has unique technical challenges in our fast-growing business; we can best tackle them when we have multiple voice and perspective within our diverse culture.

What do we offer?

We are growing...FAST! That means a lot of room for impact in a fairly new KYC market that is exploding! You will get the chance to work in an international and rapidly growing scale-up that works with leading names in global FinTech, Banking as a Service, Crypto and Trading platforms. But wait, there’s more:

  • A 50/50 hybrid WFH/WFO model. We believe the office can be key to collaborate, be creative and align. And we know you can be productive at home when focus is required.
  • A great compensation package
  • 25 days of holidays to chill
  • Senior leadership team and growth driven teams that bring out the best in you
  • A great office vibe with over 50 nationalities to work with
  • Clear organization structure and open communication
  • Fruit & snacks are always available