Security Engineering Lead
HV Capital is a European venture capital firm that provides capital and support to bold founders across multiple stages and industries. With 26 years of experience, they have backed companies across AI & Enterprise Software, Deep Tech, Resilience & Defence, FinTech, and Consumer sectors.
About HV Capital
HV Capital is a venture capital firm with 26 years of experience investing in European innovation across multiple industries and business cycles. The firm backs founders from early stage through growth, spanning multiple fund generations, with a portfolio that includes companies in AI & Enterprise Software, Deep Tech, Resilience & Defence, FinTech, and Consumer sectors. Notable portfolio companies include NEURA Robotics, Zalando, n8n, Isar Aerospace, Quantum Systems, ARX, and Scalable Capital, with several portfolio companies having reached IPO. HV Capital has approximately €2.89 billion in assets under management and works with founders across multiple disciplines and team perspectives.
Skills
About the Role
You will step into a lean and efficient Security team to set its multi-quarter direction, work cross-functionally, and scale Security Engineering into a team that owns Upvest's entire application security and cloud security posture in a highly regulated environment as it scales. You'll own the secure paved roads every Upvest engineer relies on: automated SAST/DAST/SCA in GitHub Actions pipelines, SSDLC adherence, IAM and network controls, and the technical implementation of DORA's (and other regulations') ICT risk framework for the platform. Your mission will be simple: make the secure way the easy way for everyone at Upvest.
Requirements
- 6-10 years in security engineering with 4+ years focused on product security or cloud security in a regulated environment
- Hands-on and technically credible with ability to read code threat model designs debate architectures and write tooling
- Cloud-native security depth with GCP preferred AWS or Azure transferable including IAM network segmentation KMS IaC security Terraform and Kubernetes hardening RBAC network policies Pod Security Standards
- Product and application security foundations including OWASP Top 10 ASVS secure code review SAST DAST SCA tooling integration and supply-chain security SLSA signing
- Ability to lead through influence and drive security outcomes through partnership with engineering teams
- Experience hiring and growing a small team
- Ability to communicate cleanly across audiences from engineering to auditors to executives
Responsibilities
- Set the multi-quarter strategy for application and cloud security across the Investment API platform aligned with the product roadmap tenant commitments and regulatory obligations under DORA MiFID II and BaFin's MaRisk BAIT requirements
- Lead mentor and grow the Security Engineering team and Upvest's security culture including hiring onboarding growth and retention
- Build paved roads owning encryption authN authZ CI CD data and network surfaces
- Own application security end to end including threat modeling secure code review SAST DAST SCA tooling integration and vulnerability management
- Drive cloud security posture across the GCP environment including IAM VPC Service Controls Cloud KMS CSPM Binary Authorization for GKE Terraform driven infrastructure security baselines and Linkerd service mesh posture
- Mature DORA technical implementation by translating ICT risk framework secure development testing requirements and threat led penetration testing into engineering work programmes and audit evidence
- Embed security in every product design through architecture reviews design partnerships and security champions across product squads
- Stay current on emerging threats including AI LLM security and agentic identities
- Represent Upvest's security posture clearly to stakeholders
- Participate in the security on-call rotation
Benefits
- €20,000 per year to spend on AI tools
- 30 days of annual leave
- Sports benefits
- Confidential professional coaching
- Flexibility to work remotely abroad for up to 183 days a year
- One-month fully paid sabbatical after every 4 years of working at Upvest
- Personal development budget
- Flexible work environment across hubs in Berlin, London or Tallinn, hybrid or remote across Europe
- Competitive above-market salary and employee equity program
- Company-wide events such as UpFest, dinners, offsites and Holiday party
- Employee Resource Groups
