Security Engineer

As part of fulfilling the objective of becoming the leading global online banking payments provider, we are strengthening our capability in the information and cyber security area. Currently, we are restructuring our internal setup within the security area allowing us to scale and grow our teams. To get us going we are now looking for additional Security Engineers to join the Security and Compliance team focusing on our product security in Europe. 

As a Security Engineer at Trustly, you will be part of a team of security professionals ensuring security lies in the core of everything we build and operate. We combine our expertise in providing security services to the organization with automating security controls wherever and whenever possible. As our team is undergoing an expansive phase, you will have the opportunity to shape our direction and methodologies. Your contributions will be important in refining our interactions with merchants, allowing you to leave a large impact on our operational security framework.

• →

  Own and continuously improve our vulnerability management program, ensuring full coverage and accurate exposure visibility across all assets

• →

  Build and maintain automation around security tooling to ensure data quality, consistency, and actionable insights

• →

  Perform security assessments across the SDLC: design reviews, threat modeling, code reviews, and dynamic testing, working closely with engineering teams

• →

  Integrate and enforce security controls within CI/CD pipelines (SAST, DAST, secrets detection, dependency scanning), with a strong focus on developer experience

• →

  Conduct internal offensive security activities (penetration testing, red teaming, exploitation) to validate real-world risk and identify control gaps

• →

  Translate vulnerabilities into real business risk by validating exploitability and prioritizing remediation based on impact

• →

  Contribute to incident response and security investigations, including root cause analysis and improvement of detection and response capabilities

• →

  Actively participate in improving our security posture by challenging assumptions, refining detection logic, and improving how we measure exposure

• →

  Collaborate with infrastructure and platform teams (AWS, Kubernetes, IAM) to ensure secure-by-design architectures

• →

  Contribute to threat intelligence efforts by identifying relevant threats and mapping them to our internal stack and exposure

• →

  Support the evolution of our security practices, tooling, and processes as we continue to scale our business and security capabilities 

• You have hands-on experience in cybersecurity engineering, application security, or infrastructure security

• Strong understanding of modern cloud environments (preferably AWS), including networking, IAM, and containerized workloads

• Experience with vulnerability management and security tooling, with a good understanding of asset exposure and data accuracy

• Familiar with integrating security controls into CI/CD pipelines (SAST, DAST, secrets detection, dependency scanning)

• Comfortable performing technical security assessments (web, APIs, infrastructure), including validation and exploitation of vulnerabilities

• Solid understanding of core security concepts and protocols (DNS, TLS, authentication, CVEs, etc.)

• Able to think in terms of risk and prioritize based on real-world impact rather than theoretical vulnerabilities

• Experience working in regulated environments such as financial services is a strong plus

• Strong collaboration and communication skills, able to work closely with developers and infrastructure teams

• Pragmatic mindset, able to balance security requirements with engineering constraints

• Curious and proactive, not afraid to challenge existing setups and improve them

• Certifications (e.g. OSCP, OSWE or similar) are a plus but not required