Job Description
If you care about building secure systems properly (not ticking boxes), this role is for you.
What if you could help build Europe’s first Super App from the inside? Rebell is building something Europe has never had before: a Super App.
A single gateway where people can shop, pay, book, connect, and manage their daily lives across multiple countries, without switching between dozens of apps. In Asia, super apps like Alipay and WeChat have transformed the way hundreds of millions of people live and interact.
That means real attack surfaces, real regulatory constraints, and real consequences if things are done poorly.
Rebell is already funded and staffed with senior leaders from Alipay, Twint, Scalapay, and Glovo. The launch is planned for late 2026, and the project is fully financed (+30M), with no dependency on short-term fundraising.
We are now hiring a Senior Security & DevSecOps Engineer to help design and secure the AWS platform that will run this system at scale.
This is a role for someone who enjoys thinking deeply about systems, automation, and failure modes, and who wants security to be engineered, not bolted on.
The role
You will work at the intersection of cloud security, DevSecOps, and platform engineering.
Your job is to make sure security is:
- built into infrastructure from day one,
- automated wherever possible,
- understandable by engineers,
- and strong enough to support a regulated, high-scale fintech platform.
This is not a compliance-only role and not a “security says no” position.
You will enable teams to move fast without doing unsafe things.
What you’ll do
Cloud & infrastructure security (AWS)
- Design and own the security architecture of Rebell’s AWS platform.
- Implement and maintain IAM, secrets management, KMS, least-privilege access, and auditability.
- Use AWS security services such as GuardDuty, Security Hub, CloudTrail, Config, WAF in a meaningful way (not just “turned on”).
Infrastructure as Code & DevSecOps
- Define Terraform security standards, reusable modules, and guardrails.
- Embed security checks into CI/CD pipelines (GitLab, Jenkins or similar).
- Automate security validation instead of relying on manual reviews.
- Perform threat modeling and risk analysis for new services and architectures.
- Ensure alignment with ISO 27001, SOC 2, GDPR, NIST, CIS benchmarks.
- Translate compliance requirements into practical engineering controls.
Vulnerability management & incident response
- Run and review vulnerability scans and penetration tests.
- Track remediation and push for real fixes, not exceptions.
- Support incident response, root cause analysis, and post-mortems focused on learning.
AI & advanced workloads
- Secure ML pipelines, data processing systems, and AI service integrations.
- Ensure strong practices around data encryption, access control, and model integrity.
Enablement
- Help engineers write secure code by default.
- Explain why things matter instead of just enforcing rules.
- Raise the overall security maturity of the platform over time.
How we work at Rebell
- We prefer clear rules and good systems to meetings and approvals.
- We believe in “better forgiveness than permission”, as long as decisions are well-reasoned.
- We only perform tasks that no one else can do. If we can outsource a task that can be done by others in the same way we would, we do.
- We want an ultimately lean organization. We believe that large teams create complexity and hinder innovation and adaptation.
- We believe in “better forgiveness than permission”, backed by solid engineering judgment.
- We simplify things as much as we can and automate whatever we can. We want to go hardcore on deletion and simplification.
- We hire for attitude; skills you can learn from the team.
- We value contribution, not seniority.
We’re an international team (10+ nationalities). English is the working language.
About you
- 10+ years of experience in Security, DevSecOps, Cloud Infrastructure, or Platform Engineering.
- Deep hands-on experience with AWS and cloud security primitives.
- Strong Terraform / IaC experience; you think in code, not checklists.
- Solid understanding of network security, containers (Docker, EKS), and cloud-native architectures.
- Experience integrating security into CI/CD pipelines.
- Comfortable reasoning about threat models, failure modes, and trade-offs.
- Familiarity with AI / data security is a plus.
- Certifications are nice, but real systems you’ve secured matter more.
We’re not looking for someone to write policies all day, but for someone who enjoys making complex systems harder to break.