Senior DevSecOps Engineer

Full-Time 48000 - 84000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Own security across engineering infrastructure and development lifecycle at Light.
  • Company: Join an innovative fintech company redefining financial software.
  • Benefits: Competitive salary, stock options, 25 days leave, and fun socials.
  • Why this job: Make a real impact on security in a fast-growing tech environment.
  • Qualifications: 5-7 years in security engineering, preferably in fintech or SaaS.
  • Other info: Shape a market-defining product and enjoy excellent career growth.

The predicted salary is between 48000 - 84000 £ per year.

About Light

Light exists to replace factory-era ERPs with software that feels alive. Our Smart Financial Platform gives modern, global companies superpowers—automated accounting, real-time reporting, and financial flows that move at the speed of the business. We build with our customers, ship fast, and obsess over craft. In a short time, Light has gone from idea to the operating core for leading companies like Lovable, Legora, and Keyshot. People don’t just use Light—they enjoy it.

We’re an early team defining a new software category. Think engineers who love debits and credits, designers who care about reconciliation states, and operators who treat finance as a product. If you’re excited to modernize how the world runs money—one workflow at a time—you’re in the right place. Backed by world-class investors and advised by industry titans, we’re building category-defining products with the freedom to ship ambitiously and own outcomes. Come help us make Light the global default for next-gen finance.

The Senior DevSecOps Engineer role

You will own security across Light's engineering infrastructure and development lifecycle. You will establish the security controls and compliance posture that enterprise fintech customers require, whilst embedding security practices that scale with our rapidly growing engineering team. This is a hands-on technical role with strategic scope. You will split your time between infrastructure security engineering (Terraform, AWS security services, CI/CD hardening), compliance programme execution (SOC 2, GDPR, ISO 27001), and partnering with engineering teams to build security into their workflows from the start.

Our environment:

  • AWS infrastructure (EKS, RDS PostgreSQL, Lambda, ECR, S3, SES, Bedrock for AI/LCI)
  • Kotlin backend with Gradle, Next.js frontend with TypeScript
  • GitHub Actions CI/CD, Tanka/Jsonnet for Kubernetes, Terraform for infrastructure
  • Datadog and CloudWatch for observability, SOPS and AWS Secrets Manager for secrets
  • 25 engineers scaling to 50+, distributed across 15+ countries

What you will own:

  • You will design and implement security controls across our AWS environment, harden our EKS cluster security, and secure our CI/CD pipelines.
  • You will establish security controls for our AI workflows, including Bedrock integrations, prompt validation, and model access governance.
  • You will lead our SOC 2 Type II compliance programme, establish security policies for GDPR and ISO 27001, and implement automated compliance monitoring.
  • Day-to-day, you will write Terraform, review architecture designs, triage security alerts, build security into development workflows, coordinate penetration testing, and partner with engineering on threat modelling and secure development practices.
  • You will also respond to customer security questionnaires, document controls for auditors, establish incident response procedures, and work with our Head of Engineering on security roadmap and priorities.

How you fit into the team:

You combine deep technical knowledge with strategic judgment, knowing how to balance real-world risks with business speed. You are hands-on when needed, but equally capable of driving policy, compliance programmes, and long-term security maturity. You have led security in high-growth environments before — and you are ready to do it again, with impact.

Your qualifications:

  • 5-7 years' experience in security engineering roles, preferably in fintech, SaaS or payments
  • Proven experience owning infrastructure and cloud security in a fast-moving environment
  • Deep technical expertise: AWS (VPC, IAM, EKS, Lambda, RDS), Kubernetes, Terraform/IaC
  • Hands-on experience with vulnerability management, penetration test oversight, secure CI/CD, container security
  • Familiarity with compliance frameworks: SOC 2, ISO 27001, GDPR
  • Excellent risk judgment and ability to balance security requirements with business velocity
  • Strong communication skills — able to influence engineers and explain security to non-technical stakeholders
  • Practical experience using AI or emerging technology tools to improve productivity, insight, or decision-making, with the ability to apply first-principles thinking to new problems.

Bonus points:

  • Prior experience in fintech / financial software / payments
  • Certifications such as AWS Security Specialty, CISSP, CKS, OSCP, or equivalent
  • Experience with compliance automation platforms (Vanta, Drata, Secureframe)
  • Background in software engineering or prior development experience

A few tips to stand out:

  • Show how you’ve balanced speed and security in a high-growth environment
  • Demonstrate how you’ve influenced culture — not just control
  • Share how you’ve measured and communicated risk, coverage, and progress
  • Walk us through your past playbooks or roadmaps — and how they evolved
  • Bonus if you can articulate the “why” behind the trade-offs you’ve made

The good stuff:

In addition to being part of a great team and working in a really fun and innovative environment, we offer:

  • Competitive salary + potential stock options
  • 25 days of annual leave + public holidays (in your country)
  • Regular socials and company off-sites.
  • A huge opportunity to shape a market-defining product and engineering culture

The famous last words:

At Light, we’re building the most trusted financial platform in the world — and trust starts with security. As our Security Lead, you’ll help us earn that trust every day. Join the rocket ship while it’s taking off.

Senior DevSecOps Engineer employer: Light

At Light, we pride ourselves on being an exceptional employer that fosters a vibrant and innovative work culture. Our team enjoys competitive salaries, generous annual leave, and the opportunity to shape a market-defining product in a fast-paced environment. With a strong focus on employee growth and collaboration, we empower our engineers to take ownership of their work while ensuring they have the support and resources needed to thrive.

Contact Detail:

Light Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Senior DevSecOps Engineer

✨Tip Number 1

Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

✨Tip Number 2

Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those related to security engineering and cloud infrastructure. This gives potential employers a taste of what you can do.

✨Tip Number 3

Prepare for interviews by brushing up on your technical knowledge and soft skills. Be ready to discuss how you've balanced speed and security in past roles, and don’t forget to highlight your experience with compliance frameworks!

✨Tip Number 4

Apply through our website! It’s the best way to ensure your application gets seen. Plus, it shows you’re genuinely interested in being part of our team at Light, where we’re all about building something amazing together.

We think you need these skills to ace Senior DevSecOps Engineer

AWS Security Services
Terraform
CI/CD Hardening
SOC 2 Compliance
GDPR Compliance
ISO 27001 Compliance
Kubernetes
Vulnerability Management
Penetration Testing
Container Security
Risk Assessment
Communication Skills
Incident Response Procedures
Security Policy Development
AI Workflow Security

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter for the Senior DevSecOps Engineer role. Highlight your experience with AWS, Terraform, and compliance frameworks like SOC 2 and GDPR. We want to see how your skills align with what we’re building at Light!

Showcase Your Impact: When detailing your past experiences, focus on how you’ve balanced speed and security in high-growth environments. Share specific examples of how you’ve influenced culture and improved security practices. We love seeing tangible results!

Communicate Clearly: Strong communication skills are key! Make sure you can explain complex security concepts in a way that non-technical folks can understand. This will show us that you can bridge the gap between engineering and security effectively.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates. Plus, we love seeing candidates who take that extra step!

How to prepare for a job interview at Light

✨Know Your Tech Inside Out

Make sure you’re well-versed in the technologies mentioned in the job description, like AWS, Terraform, and Kubernetes. Be ready to discuss your hands-on experience with these tools and how you've implemented security measures in past roles.

✨Showcase Your Compliance Knowledge

Familiarise yourself with compliance frameworks such as SOC 2, GDPR, and ISO 27001. Prepare examples of how you've led compliance programmes or established security policies in previous positions, as this will demonstrate your strategic understanding of security in a fintech environment.

✨Balance Speed and Security

Be prepared to discuss how you've successfully balanced the need for speed in a high-growth environment with robust security practices. Share specific instances where you influenced engineering teams to adopt secure development workflows without slowing down their processes.

✨Communicate Effectively

Strong communication skills are key! Practice explaining complex security concepts in simple terms, especially for non-technical stakeholders. This will show that you can bridge the gap between technical and non-technical teams, which is crucial for the role.
