At Trustly, we’re passionate about simplifying the way people pay and get paid online. We are a licensed payment institution and our B2B products available across Europe and the US attract global merchants in segments such as e-commerce, travel, financial services and gaming. In June 2018, private equity firm Nordic Capital acquired a majority stake in Trustly with ambitions to support us in becoming the leading global online banking payments provider.
We are a diverse and fast-growing team with our headquarters in Stockholm, Sweden, and offices in Barcelona, Spain; Cologne, Germany; Helsinki, Finland; Lisbon, Portugal; London, UK; Örebro, Sweden; Redwood City, US; Sliema, Malta; and Vitória, Brazil. Together we are leading the development of the payments industry and the work you’ll do here will make a great impact.
About Tech at Trustly:
Trustly is a tech company at heart. Two of our three founders are developers and you’ll get the chance to work alongside many talented and motivated colleagues who will help you learn and grow. The Security Engineer will be a part of Tech’s Platform Team, which supports both the office and developers, and provides tools so that they can be as effective and efficient as possible.
- Act as a technical adviser and as a hands-on expert for the following areas
- Assist the lead developers in establishing the Trustly SDLC model.
- Create documentation for the SDLC model and ensure that an audit trail exists for all applicable processes.
- Provide application security awareness training to the development teams (e-learning or instructor-led).
- Research and implement security controls on top of the CI/CD pipeline.
- Configure and manage WAFs (Web Application Firewalls).
- Enhance the vulnerability management program. Triage vulnerabilities as the first point of contact and ensure they are communicated to the relevant development teams.
- Design and execute internal penetration testing activities. Coordinate external penetration testing activities.
- We believe the ideal candidate has a minimum of 2 years of information security experience
- Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
- Adequate knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols
- You have experience as a developer or working with application developers and experience dealing with the application security life cycle (SDLC)
- Excellent written and spoken English skills are a must, and any other language skills, especially Swedish are merited
- Any security certificate (e.g.: SSCP, CompTia Security+ or similar) will be considered a merit