DevSecOps Engineer (f/m/x)

Stellenbeschreibung:

About lemon.markets

We enable anyone to be an investor. Our mission is to grow investing opportunities for all European customers and businesses, providing seamless access to capital markets. By empowering FinTechs, Banks and Wealth Managers to offer investment products, we help create financial well‑being for their customers.

lemon.markets provides a Brokerage‑as‑a‑Service platform for simple digital access to capital markets through a single API. Our API‑first infrastructure makes launching an investment product customer‑centric and compliant. We abstract all complexity for our partners through a well documented API, a self‑service customer operations portal and operating in a clear regulatory framework. Enabling partners to launch in weeks, not months.

We have experienced first hand that brokerage infrastructure is broken. Building an investment product used to be highly expensive, challenging and cumbersome. We ease this pain by shielding our partners & their customers from the underlying complexity - and with that, we make investing seamlessly accessible to everyone. Because that’s exactly what we enjoy, going to places nobody else dares and solving hard problems. This not only creates tons of value when done right, but attracts the smartest minds - because outlier companies are built by exceptional people like you.

Your Mission:

As a DevSecOps Engineer, you will lead the design, guidance and automation of our cloud infrastructure security, with robust, secure and scalable solutions. You’ll develop proactive strategies and solutions to ensure security is at the heart of everything we do here at lemon.markets.

This means: you will have an important role in building our brokerage API offering that allows companies to easily embed brokerage services into their existing products.

Moreover, you will expand and improve our existing Trading API Product to become the leading trading API for developers.

About you:

If you don’t match every single point below, that’s completely okay, We’re looking for strong alignment with most of these areas, plus the curiosity and drive to learn the rest on the job.

You have proven experience with AWS infrastructure and services and you know your way around AWS security fundamentals, such as VPC, Security Groups, Guard Duty, Control Tower or CloudTrail.
You have experience securing Kubernetes, e.g., applying network policies, admission controls, OPA/policy‑as‑code, and service‑mesh‑aware security patterns.
You understand the Software Development Lifecycle (SDLC) and its tooling (GitHub, CI/CD), and you know how to embed and operate security controls throughout the delivery lifecycle.
You are well versed with IaC and Configuration management tools such as Terraform and Helm chart.
You have hands‑on experience with network and identity security, including firewalls/WAF, PKI/certificates, identity providers (IdP/SSO), and RBAC/least‑privilege access controls.
You have hands‑on experience designing and operating a Vulnerability Management program end‑to‑end, covering SAST, DAST, SCA, container/image scanning, cloud/Kubernetes posture scanning, and runtime anomaly detection.
It’s a plus to hold any Security Certifications such as: GSEC, CISSP, CCSP, CCSK, CISM, GCUX or SAST.

You will be successful if:

Security is everything to you. We operate in a highly regulated environment and therefore having worked prior in a Fintech or Financial Service provider (Bank, Insurance or Brokerage) or within the Cyber Security industry would be preferred.
You have a bias for action over discussion. To avoid getting stuck in discussion, you collect new feedback, try out a different approach or gather data with a proof of concept because you trust the process.
You are ready and willing to take ownership of problems and act on them with no supervision and decisively.
You have a collaborative mindset . Working together as a team and sharing knowledge comes natural to you. Long term - you consider becoming a team lead.
You have no problem with learning new technologies on the go. You try to solve problems with more things than the ones you already know. We will always enable you with that, but your willingness has to come first.