IT Security Engineer (Hamburg, Hybrid)

IT Security Engineer (DevSecOps) | FinTech

Location: Hamburg (Hybrid)

Industry: B2B Payments & Supply Chain Finance

The Mission

Join a BaFin‑regulated, international Payment Institution that is bridging the gap between global transactions and supply chain finance. Partnering with the world’s largest banks (including Deutsche Bank and UniCredit), our client handles high‑stakes liquidity for enterprise customers. As an IT Security Engineer, you will be the guardian of this ecosystem, ensuring that \"security‑by‑design\" is a reality, not just a buzzword.

The Role

This is a proactive, hands‑on role situated at the intersection of Infrastructure, Application Security, and Compliance. You won’t just be monitoring dashboards; you will be architecting the resilience of a platform that moves millions of Euros daily.

• Infrastructure Hardening: Strengthen and secure cloud/on‑prem infrastructure, working directly with DevOps to automate security within the CI/CD pipeline.


• Offensive & Defensive Security: Conduct regular penetration testing, security assessments, and audits. Lead incident response and malware investigations when needed.


• AppSec Advocacy: Partner with Java/Spring development teams to identify vulnerabilities at the code level and enable secure deployment configurations.


• Regulatory Leadership: Play a key role in aligning the technical stack with critical industry standards, including GDPR, ISO 27001, and the upcoming DORA requirements.

Your Profile

• Proven Track Record: Several years of experience in IT Security, ideally within a high‑stakes or regulated environment (Finance, Healthcare, etc.).


• Tooling Mastery: Deep familiarity with SIEM, IDS/IPS, firewalls, and PenTesting frameworks.


• Automation Mindset: Proficient in Linux environments with strong scripting skills (Python, Bash, or Ansible) to automate security tasks.


• Developer Empathy: A solid understanding of the Java/Spring ecosystem and how security fits into the modern SDLC.


• Proactive Nature: You don't wait for a breach to happen; you hunt for vulnerabilities and propose architectural improvements.

What’s in it for you?

• High Impact: Direct ownership over the security posture of a growing financial institution.


• Modern Culture: A tech‑first environment with flat hierarchies, flexible hours, and a focus on \"getting things done\" rather than bureaucracy.


• Growth & Budget: An annual personal development budget and structured feedback to ensure you stay at the forefront of the Cybersecurity field.


• The \"Hamburg\" Perk: Work from a modern office in the heart of the city with a team that values both professional excellence and team spirit.

Why this role?

In the world of European Fintech, DORA (Digital Operational Resilience Act) is the biggest shift in a decade. This role puts you at the center of that transition, giving you the chance to build a \"gold standard\" security environment that satisfies both elite hackers and strict German regulators.