Security Engineer (m/f/d)

Ivy is building the world’s first programmable bank. We know the bank of the future is going to be fully regulated and stablecoin-native. We believe that the crypto folks are too afraid of full bank charters, while the bank folks know too little about crypto to pull it off. We believe there’s a trillion-dollar opportunity to launch regulated banks built on the blockchain.

Today, we bank the world’s leading crypto platforms (Kraken). Tomorrow, our platform will power global correspondent banking. And who's going to bank all these AI agents? We are certain that if we get this right, Ivy is going to be Europe’s first $1T company.

We are a team of ex-founders, early employees at unicorns, and top-tier talent from fintech and banking, and we are backed by the world’s best fintech investors:

• Valar - Peter Thiel and the Valar team have been thinking about global money since PayPal times.

• Creandum - Previously invested in fintechs like Klarna, Trade Republic, Pleo, and iZettle

• 10+ unicorn founders

You are the first security hire. You own everything - infrastructure, strategy, architecture - and you bring it from 0 to 1. There is no existing stack and no legacy decisions. You decide what great looks like and you build it.

You'll build the systems that prevent vulnerabilities before they exist. Cloud hardening, pipeline guardrails, SIEM, vulnerability management - end to end. You make sure the platform is secure, auditable, and regulator-ready without slowing anyone down.

You'll work across engineering and product as the bridge between shipping fast and shipping securely. You're the technical authority for security tooling and the champion who makes every developer better at building secure software. You turn security from a gate into a foundation.

Ivy is building The Dark Bank - a bank run by agents. Our infrastructure team (DevOps, Security, Data) builds the foundation for that. We are a lean team of smart, high agency and high ambition individuals. You will work closely with the CTO, Lead DevOps and Head of Product. You are expected to move autonomously and you are by default trusted with all decisions you take.

In your first 6 months, you'll bring the security setup from 0 to 1 to launch a Fully Licensed Global Bank:

Month 1-2: You get into everything. AWS, GitHub, CI/CD - map the attack surface, find the gaps, fix what needs fixing. Wire up security guardrails in the pipelines. Own alerts from day one. Start laying the groundwork for SOC 2. By month two, you know where every door is and which ones are unlocked.

Month 3-4: You own the security stack and it actually works. DAST/SAST in the developer workflow. SIEM ingesting high signal data and agentically acting on it. Vulnerability management that has a real lifecycle. BC/DR designed, validated, tested. SOC 2 is on track with the evidence to prove it.

Month 5-6: Security is how the company builds, not something we bolt on. Threat modeling runs in the design phase. SOC 2 is done. The bank launches safely because you built the foundation for it.

We believe that throwing smart people with high agency at big problems produces the best outcomes. In the past, we have seen people succeed at Ivy with the following traits ranked by importance:

1. Safe Hands: You can run on your own and finish the job no matter what comes in your way.

2. Communication: You are proactively going to the whole company and make sure you get the context without getting prompted to do so.

3. Curiosity: You need to be super curious about all aspects of the business and dig deep to understand every use case to apply data effectively.

4. System Thinking: You can design and build systems from scratch.

5. Smartness: You are generally just very smart and can pick up new things quickly

This job is for you, if

• You always think product and customer first and find a way on how to deliver services securely

• You'd rather teach a team to ship securely than be the bottleneck that reviews everything

• You get more energy from talking to people across the company than sitting alone at your computer

• You'd rather own the whole problem than have a narrow lane

This job is not for you, if

• You think "security engineer" means writing compliance docs and saying no to engineers

• You need a well-defined scope handed to you on day one

• You prefer working in isolation and shipping quietly

• You need a large team around you to be effective

• You're not comfortable working under banking-grade regulatory scrutiny

Hard Requirements

• Experience: 4+ years in Security Engineering, DevSecOps, or a high-level DevOps role with a security focus.

• Cloud Fluency: Deep hands-on experience with AWS security services (IAM, GuardDuty, CloudTrail, etc.), AWS EKS, Kubernetes, Terraform.

• Automation Mindset: Ability to script in Python, or similar to automate security checks.

• Tools: Proven experience with SIEM platforms, SAST/DAST tools, and CI/CD integrations (GitHub Actions, etc.).

• Communication: The ability to explain complex vulnerabilities to developers in a way that inspires action rather than frustration.

We have designed our process to make it as short and straightforward as possible:

1. Screening Call - 15 minutes: Initial touchpoint to get familiar with the process and role expectations.

2. Meet the CTO - 20 minutes: Get to know and see if there is a match in expectations.

3. References: We talk with people you have worked with in the past.

4. Onsite Interview Day - 3h: You come to the office for a case study (1h) and to meet the key people from the team you will work with (2h)

5. Offer

Between each step, we send followups within 48h of the last step. We cover all travel costs for the on-site day. Our goal is to move from application to offer within 14 days, with feedback within 3 days of your final interview.

• Join a Dream Team: We focus on building a team of exceptional people who grow fast, take on big challenges, and inspire each other to deliver at the highest level.

• No Bullshit: Output over input, bias for action - we move fast and follow through, customer value over internal policies. We believe in big outcomes, not titles or hierarchies.

• Real Participation: Employees are shareholders. Every permanent employee participates in our equity program.

• Perks & Benefits: Relocation support, Visa Support, the latest Apple gear (MacBook + AirPods), lunch benefit, Gym benefit, a beautiful office in the heart of the city, 4x on-/offsites per year, weekly team dinner, and an annual development budget.