
Upvest · Berlin
At Upvest, we are on a mission to make investing as easy as spending money. Upvest empowers businesses to offer a wide range of investment products and the best...
At Upvest, we are on a mission to make investing as easy as spending money. Upvest empowers businesses to offer a wide range of
investment products and the best experience in the field of capital market investment and retirement planning. Upvest’s Investment
API is easy to integrate so that fintechs and financial institutions can save resources and fully focus on their core business.
We are proud to partner with Europe’s leading Fintechs and financial institutions such as DKB, Revolut, N26 and Raisin. Founded in
2017 by Martin Kassing, Upvest now brings together over 270 talented professionals from more than 70 nationalities. Upvest is
backed by €280M in total funding from world-class investors, including BlackRock, Tencent, Sapphire Ventures, and Bessemer Venture
Partners, Earlybird, Notion Capital, and Motive. Our latest €105M funding round in March 2026 - led by Sapphire and Tencent -
serves as a massive catalyst for our growth, allowing us to offer premier investment experience.
Upvest is at the inflection point where security needs to scale and remain a foundational discipline of the company. We're hiring
a Security Engineering Lead to step into our lean and efficient Security team, set its multi-quarter direction, work
cross-functionally and scale Security Engineering into a team that continues to own Upvest's entire application security and cloud
security posture in a highly regulated environment as it scales.
This role sits alongside our Security Operations and GRC teams, which owns detection, response, and compliance operations. Where
SecOps keeps watch over what's happening now, Security Engineering shapes what we build and how we build it, embedding security
into the SDLC, hardening our cloud environment, and building the platforms that make security teams more effective.
You will own the secure paved roads every Upvest engineer relies on: automated SAST/DAST/SCA in our GitHub Actions pipelines,
SSDLC adherence, IAM and network controls, and the technical implementation of DORA's (and other regulations') ICT risk framework
for our platform.
Our mission for the team is simple: make the secure way the easy way for everyone at Upvest.
product roadmap, our tenant commitments, and our regulatory obligations under DORA, MiFID II, and BaFin's MaRisk / BAIT
requirements.
hiring, onboarding, growth, and retention as we scale. And you'll create initiatives to build security into the development and
product life cycle.
review queues and more security baked into the templates.
Actions CI/CD, and vulnerability management.
Authorization for GKE, Terraform-driven infrastructure security baselines, and our Linkerd service mesh posture.
framework (Art. 5–9), secure development testing requirements (Art. 16), and threat-led penetration testing (Art. 24–27) into
engineering work programmes — and into evidence we can show auditors and regulators.
partnerships, security champions across product squads, collaboration beats gatekeeping.
engineering workflow are an active concern
regulated environment. You don't need to check every box, but we're asking for evidence that you've taken security from "owned
by one team in a queue" to "embedded in how an engineering org ships."
modeling designs, debating architectures, and writing tooling when it's valuable.
(Terraform), and Kubernetes hardening (RBAC, network policies, Pod Security Standards) as a craft.
supply-chain security (SLSA, signing).
navigate ambiguity, set direction, and make sound risk-based decisions that scale with the organisation. People want to work
with you, because you don't just say "no", you say "yeah, and this is how".
real-time feedback, and address performance issues quickly and fairly.
Communicate cleanly across audiences e.g. a security incident write-up to engineering, a control narrative to an auditor, and a
risk briefing to executives are three different documents, and you can write all three.
and the specific operational shape of selling to regulated customers.
modern backend language.
actionable technical requirements other people understand. You can hold your own with auditors and regulators without losing
engineering pragmatism.
in incident response. This matters in practice, you'll be part of the security on-call rotation, so being comfortable picking
up an active incident is real, not theoretical.
with the most powerful models and tooling on the market.
ambitious, and meaningful. You’ll work with modern technologies and create something entirely new. No legacy systems, no
limits.
professional coaching and enjoy the flexibility to work remotely abroad for up to 183 days a year. Recharge with UpRest, a
one-month fully paid sabbatical after every 4 years of working at Upvest.
use it.
on the role. We give you the choice and budget to work where you’re most comfortable and productive, either at home or in the
office. You choose.
and a participation in our employee equity program.
colleagues and celebrate our achievements.
connection, like Upfem for our female Upvengers, or UpVergent supporting neurodivergent Upvengers and allies.
others.
Upvest is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all
employees.
ABOUT US: SRLabs is home to knowledge leaders securing critical infrastructures in finance, energy, and telecommunications. We focus on hands-on hacking resilience – not compliance –, which we shape by combining our hacking research with impactful consulting work for innovation leaders that have a natural thrive for cutting-edge technologies. What makes us unique? We come from diverse backgrounds from all over the world, and that's just the way we like it. From coding, reverse engineering, penetration testing, exploit scripting, process design, research and consulting skills, our mix of colleagues possesses a vast set of qualifications, that equips us to influence design decisions of large-scale organisations. YOUR RESPONSIBILITIES Job brief: As a Red teamer at SRLabs, you work in a small and specialised team simulating infiltrations of corporate environments with high levels of protection for our clients. From obtaining initial access via external vulnerabilities or phishing, over lateral movement and to a domain takeover, you take part in the full chain of emulating adversarial cyber attacks. To remain undetected and complete your mission, you are able to avoid noise and bypass detection solutions and other protection measures. You analyze protection and monitoring gaps for their technical and operational root causes, and provide actionable steps for closing these gaps, bearing in mind the customer specific constraints our clients are facing. Your strategic advice supports the management in defining the security roadmap and employing security budget most effectively. Your Responsibilities: * Participate in red team engagements at SRLabs' clients * Perform external penetration testing and run phishing campaigns * Bypass protection measures and move undetected inside corporate networks * Develop tools, scripts and exploits for red team engagements * Create presentations to communicate risk and provide strategic advice on process optimizations * Support the client in addressing findings, in both, written and verbal communication * Develop methodologies to extrapolate from Red Team insights to generic security assurance checks * (Optional) Lead red team exercises and take responsibility for what comes with it (scoping, task management, escalations, ...) WHAT DO YOU BRING? What do you bring: * Strong foundational knowledge of information technology, including (Operating systems, Networking and Web technologies) * Hands-on experience in offensive security and red teaming * Solid experience with Active Directory and Entra ID security * Experience in client-facing roles or security consulting, including (presenting technical findings to diverse audience and provide strategic advice to clients) * Infrastructure and web penetration testing * Proficiency in programming languages such as: * Python, C/C++, Go, Java * Excellent communication skills in English (written and verbal) Nice to have Relevant expertise from areas like * Malware delivery and development * Incident response * Vulnerability research and exploit development * Reconnaissance, OSINT and social engineering * Operational security and bypassing of security measures (AV/EDR, endpoint and infrastructure hardening, SIEM generated alerts, Honeypots, ...) * Detection engineering and SOC operation * Experience in management consulting and communication WHAT AWAITS YOU WITH US? What awaits you with us: * Diverse team of highly motivated and competent security experts * Culture of constant learning and improvement * Flexible home office. * You can work from anywhere in Germany * Yearly company retreat * Urban Sports Club membership * Deutschlandticket (public transportation) * 30 days paid vacation APPLY NOW We are looking forward to receiving your application.
bunch is building the backbone of private markets. We are enabling next-gen fund operations with one integrated system that combines secure data infrastructure, AI-powered workflows and expert fund services. If you value ownership, growth through real responsibility, and working with a thoughtful, ambitious team, this role might be for you. We are seeking a Regulatory and Compliance Counsel (m/f/d) to join our growing legal team and lead all matters of risk, compliance and regulation for the bunch group. Reporting directly to our General Counsel, Jessica McBride, you will play a pivotal role in shaping our company's growth trajectory, ensuring we scale effectively and compliantly. YOUR ROLE * Own end-to-end our strategy, posture, policies and compliance with critical EU and UK frameworks, including GDPR, DORA and AML regulations * Co-own (together with Engineering) our IT security initiatives, including ISO 27001 and future certifications (e.g. SOC2), as well our company IT sec governance * Help shape and drive our company’s strategy on AI governance and ensure compliance with the EU AI Act * Be the point person for EU and UK regulatory developments affecting bunch’s business model * Support with regulatory analyses for market entry / go-to-market * Be responsible for regulatory (e.g. change-of-control) filings in connection with the execution of our M&A strategy * Manage all compliance and IT aspects of our vendors and providers and procurement process * Ensure that we stay compliant with ongoing financial and fiscal regulatory obligations, such as AIFMD, FATCA/CRS and German Bundesbank filings and local authority registrations * Shape our company’s risk and risk management strategy, together with leadership * Work directly with the General Counsel in a small and agile legal team ABOUT YOU * Completed studies in law (i.e., German Second State Exam, J.D., LL.B./LL.M. or equivalent qualification — but no German-law studies required) * At least 2-3 years of professional experience, with a broad focus on compliance, risk and regulatory matters, ideally gained in a regulated in-house environment * Experience with cross-border, multi-entity company groups and managing regulatory and compliance issues across borders * Affinity for IT security and the engineering aspects of security * Interest in taking on broader legal, operational and strategic workstreams within a start-up * Strong project management skills * Excellent written and spoken skills in English (C1+), along with solid German skills (B2+, but no native speakers required) * Be self-motivated, detail-oriented, organised, and comfortable with responsibility * Be excited about working in a fluid, innovative, fast-paced, and creative environment and about being a part of bunch's culture * If prior experience in or exposure to financial services or funds regulation, this is a plus, but not a prerequisite * Diverse backgrounds are strongly encouraged WORKPLACE & BENEFITS * Take part in a network of people passionate about investment and work closely with the most interesting players in private markets * Benefit from working with a diverse mix of talents, unrivalled energy, and team spirit within a culture of drive and ownership * Flexible hours and a hybrid office setup (3 days/week in office) * 4 remote calendar weeks/year * 28 days of vacation, 2 company days, plus local public holidays * A competitive compensation package * A great tech and work setup with everything you need Hiring process 1. People Team Interview (30 min) – Meet us & ensure mutual fit 2. Deep Dive Interview (45 min) – Collaboration, ownership, and culture 3. Case Study (90 min) – Technical skillset evaluation with the General Counsel 4. Final Stakeholder Interview (60 min) – Meet your important stakeholders About bunch bunch is building the operating infrastructure for the next generation of private markets. We combine AI-powered automation with deep regulatory expertise to replace fragmented spreadsheets and manual processes with one integrated platform across the fund lifecycle, purpose-built for private markets heading toward $32 trillion in Assets Under Management. We've 4x our ARR in 2025, crossed 150 fund managers and 12,000 LPs on the platform, and just closed our $35M Series B in May 2026. We're looking for ambitious people who want real ownership of hard problems, and who care about building infrastructure that actually matters to the people using it. ____ At bunch, we're committed to an inclusive environment where diversity is valued and celebrated. We provide equal opportunities to all qualified applicants. We process personal data in line with applicable laws (including GDPR). See our Privacy Policy for details on your rights and how to reach us.
Raisin is the world’s leading platform for savings and investment products. Founded in 2012, the FinTech connects consumers with banks in the EU, the UK and the US. This gives consumers better interest rates and banks a diversified form of refinancing. Our vision is to offer savings and investments without barriers and thus open up the global 160 trillion euro market. Raisin currently employs more than 800 people from over 75 countries worldwide. Today, the platform holds over 80 billion euros in assets from more than one million investors which have accrued over 5 billion euros in returns. Team For this challenging and highly impactful role, we are seeking a dedicated, highly communicative IT Security Manager with vision and drive. In this position, you will lead and develop Raisin's internal security teams. You will act as a critical internal sparring partner (for Business, IT, and the 2nd Line of Defense) and take the absolute lead in coordinating our technical security implementation. As a versatile leader with a comprehensive overview of our security posture, you will ensure that our internal operations are resilient, compliant with regulations like DORA, and seamlessly executed by your teams. Your Responsibilities * Team Leadership & Internal Execution: Take ownership of our internal security operations. You will lead, mentor, and steer our internal security experts in a results-oriented manner, ensuring the continuity and excellence of daily security operations. * Internal Coordination & Sparring: Act as the central, consultative liaison across the company. You will lead cross-departmental coordination of security topics, define clear security requirements for our Infrastructure and engineering teams, and develop pragmatic, scalable solutions. * 1st Line Security Operations: Oversee the technical execution performed by your teams. Your duties will include actively participating in incident analysis, threat mitigation, and ensuring robust monitoring is in place. * 2nd Line Liaison & DORA Alignment: Serve as the central point of contact for the "2nd Line of Defense" (CISO). Ensure that our operational reality and technical controls align with overarching IT Governance, risk frameworks, and regulatory requirements like the Digital Operational Resilience Act (DORA). * Project Management: Drive and contribute to broader projects. If you enjoy organizing and structuring security-related agendas across the IT landscape, there is plenty of impactful work to be done! * Cloud Security Oversight: Leverage your deep understanding of AWS Cloud Infrastructure and the AWS Shared Responsibility Model to guide your teams in maintaining a secure, robust, and compliant cloud environment. * Strategic Vendor Management: Pragmatically manage relationships with third-party security vendors (e.g., security tooling, external testing, specialized services). You will steer these partnerships to ensure strict SLA adherence, cost-effectiveness, and a strong Return on Investment (ROI) for our security stack. Your Profile * Extensive Professional Experience: 10+ years of overall experience within the Cybersecurity or Information Security space, combined with at least 3+ years of proven experience working directly as an IT Security Manager or in a similar leadership capacity. * Broad Cybersecurity Background: The world of security is vast, and your holistic expertise counts. You have broad experience across domains such as IT Governance/GRC, ISMS, ISO 27001, BCM, NIS 2, DORA, Vulnerability Management, SOC/SIEM, IAM/PAM, Penetration Testing, Network Security, or DevSecOps. * Generalist Leadership Mindset: A comprehensive overview and a fundamental understanding of security technologies, industry standards, and their potential business impact are highly valued. You know how to guide specialists without getting lost in the weeds of individual security tools. * Team Management Experience: Proven track record in leading, structuring, and motivating internal technical teams in a fast-paced, mission-critical IT environment. * Technical Acumen: Really good understanding and practical working knowledge of AWS Cloud Infrastructure, including a firm grasp of the cloud Shared Responsibility Model and how to implement it effectively. * Framework Knowledge: Basic knowledge of IT Service Management (ITSM, ITIL) and a solid technical understanding of the security domain are prerequisites. * Work Style & Traits: You possess a strong sense of responsibility, flexibility, and an eagerness to engage with new topics. You are distinguished by a commitment to collaborative teamwork, a respectful and supportive interpersonal style, and a work approach that is solution-oriented, analytical, structured, and reliable. * Language & Communication: Excellent proficiency in spoken and written English alongside fluent German is a plus. Join our mission, join our team – and grow with us! At Raisin, we care about each other and it is one of our top priorities to foster an open and caring environment in which everyone feels welcome and comfortable. Our culture is strongly driven by our ambitious team, which connects more than 75 different nationalities. As part of out team, you will benefit from: * Employee Development Budget of €2,000 and four full training days per year. * Flexible working hours, home office and 30 vacation days. * A company pension scheme (Betriebliche Altersvorsorge), which we support with 20%. * Enjoy more than 50+ different sports with Urban Sports Club: We subsidize your membership with more than €20 per month. * Do you miss being in the office? The Deutschland Ticket gets you there, which we subsidize with €25 per month. * Love cycling? With JobRad, lease the bike of your choice and enjoy tax savings, plus Raisin covers your monthly insurance costs. * Hungry all the time? Snacks, daily fresh fruit as well as drinks provided at the office. * You are moving from another country or city to join us? We may support your relocation. Raisin Applicant Privacy Policy We value diversity and the unique experiences each individual brings. If you’re excited about this role but don’t meet every requirement, we still encourage you to apply. We are an equal opportunity employer and are committed to creating an inclusive environment for everyone, regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.