Your mission We are looking for a Senior Product Security Engineer to enhance our security posture by integrating advanced security tools, implementing Zero-Trust principles, and proactively identifying and mitigating vulnerabilities. This role will play a critical part in ensuring compliance with industry security standards while fostering a culture of security best practices across development and operations. In this role, you will: Integrate SCA, SAST, and DAST tools into CI/CD pipelines to ensure secure software development. Implement Zero-Trust security principles across infrastructure, ensuring robust access controls and identity management. Design and deploy secure and scalable secrets management solutions to protect sensitive data. Develop comprehensive threat models for all services, identifying and mitigating potential risks. Conduct frequent penetration testing of internal applications and services to identify vulnerabilities proactively. Establish unified vulnerability management pipelines, integrating and standardizing security data from multiple sources. Ensure compliance with industry security standards, including SOC 2, ISO 27001, and NIST frameworks. Collaborate with development and operations teams to advocate for security best practices and secure coding principles. Automate security-related tasks, leveraging scripting and security orchestration techniques. Research and implement emerging security technologies, particularly in blockchain and cryptographic security. What you need to be successful: Experience in deploying and managing SAST, DAST, and SCA tooling within CI/CD environments. Strong knowledge of secure coding practices, threat modeling, and cryptography. Expertise in blockchain security and application security methodologies. Hands-on experience with AWS security best practices and cloud-native security solutions. Proven track record in vulnerability assessments, penetration testing, security monitoring, and incident response. Familiarity with key management solutions and Privileged Access Management (PAM) systems. Experience working with HSMs (Hardware Security Modules) or other secure computational technologies. Strong scripting and automation skills for security-related tasks (e.g., Python, Bash, PowerShell). Relevant security certifications such as OSCP, OSWE, AWS Security (preferred but not required). Excellent communication and collaboration skills, with the ability to work across teams and explain security concepts effectively. Prior experience working with cryptographic technologies or crypto-related projects is a plus. What’s in it for you: Accelerate your career growth by joining one of Europe's leading cryptocurrency management platforms 25 vacation days per year, with an additional day for each year of service - up to 30 days Access to cutting-edge technologies, high levels of autonomy, and international working environment Flexible working hours, hybrid work setup from both our Berlin and Porto offices Fitness (Urban Sports Club) and mental health (Likeminded) memberships Hot/cold drinks and snacks in the office, and All Hands meetings once a month with pizza About us Finoa is a regulated crypto asset platform for institutional investors co-founded in 2018 by Christopher May and Henrik Gebbing. The company came to life through the shared aspiration to make institutional interactions with crypto assets simple and secure, and is backed by prominent investors, including Balderton Capital, Coparion, Maven11, Signature Ventures, and Venture Stars. Finoa has since then grown into a truly international company, powered by a diverse team and serving high-profile clients from around the world. Reference clients include renowned venture capital firms, crypto hedge funds, corporates, Web3 companies, and high-net-worth individuals. If you want to join one of Europe’s most exciting crypto start-ups, be part of the next wave of innovation disrupting finance, and grow together with us, then this is your chance to apply. Finoa is an equal opportunity employer devoted to diversity and inclusion in the workplace. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, or disability status.