• Integrate SCA, SAST, and DAST tools into CI/CD pipelines to ensure secure software development.

• Implement Zero-Trust security principles across infrastructure, ensuring robust access controls and identity management.

• Design and deploy secure and scalable secrets management solutions to protect sensitive data.

• Develop comprehensive threat models for all services, identifying and mitigating potential risks.

• Conduct frequent penetration testing of internal applications and services to identify vulnerabilities proactively.

• Establish unified vulnerability management pipelines, integrating and standardizing security data from multiple sources.

• Ensure compliance with industry security standards, including SOC 2, ISO 27001, and NIST frameworks.

• Collaborate with development and operations teams to advocate for security best practices and secure coding principles.

• Automate security-related tasks, leveraging scripting and security orchestration techniques.

• Research and implement emerging security technologies, particularly in blockchain and cryptographic security.

• Hands-on expertise deploying and managing SAST, DAST, and SCA tooling to seamlessly integrate security into our CI/CD pipelines.

• A deep understanding of secure coding practices, threat modeling, and applied cryptography.

• Proven, practical experience with AWS security best practices and implementing cloud-native security solutions.

• A strong, demonstrable background in leading vulnerability assessments and conducting penetration testing.

• Familiarity with robust key management solutions and operational experience with Privileged Access Management (PAM) systems.

• Strong scripting and automation skills (e.g., Python, Bash, PowerShell) to automate security tasks and improve efficiency.

• Relevant security certifications like OSCP, OSWE, or AWS Security are a great asset, but your practical skills are what truly count.

• Excellent communication and collaboration skills—the ability to articulate complex security concepts to technical and non-technical teams alike.

• Experience working with HSMs (Hardware Security Modules) or other secure computational technologies, as well as with cryptographic technologies or crypto-related projects, is an advantage.

• Accelerate your career growth by joining one of Europe's leading cryptocurrency management platforms

• 25 vacation days per year

• Access to cutting-edge technologies, high levels of autonomy, and international working environment

• Hot/cold drinks and snacks in the office

Finoa is an equal opportunity employer devoted to diversity and inclusion in the workplace. We genuinely welcome and encourage applications from people of all backgrounds, cultures, genders, sexual orientations, abilities, neurodiversities, and ages.

We're committed to creating an inclusive workspace where everyone feels valued and respected, free from harassment and discrimination.

If there's anything you need to make the application process work for you, please let us know by reaching out to people@finoa.io.