Security Engineer at trustly

WHO WE ARE At Trustly, we're building a smarter, faster, and more secure financial future by revolutionizing the world of payments. As a global leader in Open Banking Payments, we are establishing Pay by Bank as the new standard at checkout, providing unparalleled freedom, speed, and ease to millions of consumers and merchants worldwide. Our Ambition: To build the world’s most disruptive payment network and redefine what the payment experience should feel like. Trustly is a global team of innovators, collaborators, and doers.  If you are driven by a strong sense of purpose and thrive in a dynamic, entrepreneurial, and high-growth environment, join us and be part of a team that’s transforming the way the world pays. ABOUT THE TEAM As part of fulfilling the objective of becoming the leading global online banking payments provider, we are strengthening our capability in the information and cyber security area. Currently, we are restructuring our internal setup within the security area allowing us to scale and grow our teams. To get us going we are now looking for additional Security Engineers to join the Security and Compliance team focusing on our product security in Europe.  ABOUT THE ROLE As a Security Engineer at Trustly, you will be part of a team of security professionals ensuring security lies in the core of everything we build and operate. We combine our expertise in providing security services to the organization with automating security controls wherever and whenever possible. As our team is undergoing an expansive phase, you will have the opportunity to shape our direction and methodologies. Your contributions will be important in refining our interactions with merchants, allowing you to leave a large impact on our operational security framework. What you'll do • Own and continuously improve our vulnerability management program, ensuring full coverage and accurate exposure visibility across all assets • Build and maintain automation around security tooling to ensure data quality, consistency, and actionable insights • Perform security assessments across the SDLC: design reviews, threat modeling, code reviews, and dynamic testing, working closely with engineering teams • Integrate and enforce security controls within CI/CD pipelines (SAST, DAST, secrets detection, dependency scanning), with a strong focus on developer experience • Conduct internal offensive security activities (penetration testing, red teaming, exploitation) to validate real-world risk and identify control gaps • Translate vulnerabilities into real business risk by validating exploitability and prioritizing remediation based on impact • Contribute to incident response and security investigations, including root cause analysis and improvement of detection and response capabilities • Actively participate in improving our security posture by challenging assumptions, refining detection logic, and improving how we measure exposure • Collaborate with infrastructure and platform teams (AWS, Kubernetes, IAM) to ensure secure-by-design architectures • Contribute to threat intelligence efforts by identifying relevant threats and mapping them to our internal stack and exposure • Support the evolution of our security practices, tooling, and processes as we continue to scale our business and security capabilities Who you are • You have hands-on experience in cybersecurity engineering, application security, or infrastructure security • Strong understanding of modern cloud environments (preferably AWS), including networking, IAM, and containerized workloads • Experience with vulnerability management and security tooling, with a good understanding of asset exposure and data accuracy • Familiar with integrating security controls into CI/CD pipelines (SAST, DAST, secrets detection, dependency scanning) • Comfortable performing technical security assessments (web, APIs, infrastructure), including validation and exploitation of vulnerabilities • Solid understanding of core security concepts and protocols (DNS, TLS, authentication, CVEs, etc.) • Able to think in terms of risk and prioritize based on real-world impact rather than theoretical vulnerabilities • Experience working in regulated environments such as financial services is a strong plus • Strong collaboration and communication skills, able to work closely with developers and infrastructure teams • Pragmatic mindset, able to balance security requirements with engineering constraints • Curious and proactive, not afraid to challenge existing setups and improve them • Certifications (e.g. OSCP, OSWE or similar) are a plus but not required Our Fantastic Benefits (varies by location) 🌴 20 to 30 days of holiday to support a healthy work-life balance 🥳 Monthly team outing allowance to enjoy social events with your colleagues 👶 Parental leave top-up additional support for new parents 🥐 Daily breakfast and on-site perks to make your workday smoother 💚 Well being support our health allowance covers gym memberships, massages, and much more to help you feel your best PLUS additional benefits designed to enhance your work-life experience! Shape Your Role and Make an Impact Join a dynamic environment where you can take ownership, drive change, and continuously embrace new challenges. We’re looking for dedicated and highly motivated individuals who thrive in a fast-paced environment and enjoy collaborating across different areas of the organisation. If your skills and experience align with this role, we’d love to hear from you! Apply now and submit your CV in English.