Security Engineer

We are looking for a mid to senior Security Engineer to join our Infrastructure & Security department. The main focus of the team is to ensure Avafin's products and teams have the least downtime possible. To accomplish this, the team is responsible for building and maintaining the IT infrastructure and workflows both on-prem and in the cloud for all teams, reliably deploy and operate our production services and products, manage services used at Avafin and ensure the organisation complies with applicable security standards and regulations. As technologies we use DefectDojo, OpenVAS​, Terraform, AWS, Kubernetes, Helm, ArgoCD, Github/Gitub Actions,​ Microsoft365, Entra, Go, Python and more.​

Our IT Department, which is based in Wiener Neustadt, is part of an international Fintech company which provides short and long-term consumer loans in 5 countries within and outside of Europe. With our own platform and websites, we provide an entirely digital lending process so we can guarantee a cashflow to the consumer within only a couple of minutes.​

Location: Austria, Poland, Latvia, Spain, EU

What we expect from you?

• At least 5 years of experience working in a Cloud Security position with focus in AWS

• Extensive hands-on experience with AWS security services (IAM, GuardDuty, Security Hub, Inspector, CloudTrail...)

• Strong background in IAM and least-privilege design

• Hands-on experience implementing Infrastructure as Code

• Strong understanding of network security concepts

• Experience with container and Kubernetes security (EKS, ECS, Docker hardening...)

• Proven track record in incident response, threat detection, and forensic investigations in AWS environments

• Fluency in English (communication with an international team)

What will you do?

• Lead IAM strategy and improvements in AWS

• Ensure secure, compliant, and resilient cloud infrastructure operations

• Strengthen overall security posture through standards, risk assessments, and controls

• Automate security processes, integrations, and daily operational tasks

• Monitor, detect, and respond to cloud security threats and incidents

What we offer?

• Remote work - up to 100% remote, or hybrid, if possible, up to you

• Flexible working hours - only need to cover core working hours with the team

• 34 hours working week - have more time for you and your hobbies at a competitive full time salary

• License courses, workshops and learning opportunities within a badge system