Senior DevSecOps Engineer

Who are Yapily? Why we exist, and where we’re headed:

Our Mission: Redefining how the world interacts with value.

Our Vision: A world without financial friction.

Our Purpose: To empower everyone to access and move value.

At Yapily, we’re building a powerful, scalable, and secure open banking infrastructure that redefines how the world interacts with value. Our open banking platform powers leading companies, such as Adyen, Intuit QuickBooks, and Google. By delivering payment initiation, bank data access, and pre-built products, we enable businesses to innovate fast and push the boundaries of financial technology. As an early pioneer of open banking, we’re actively shaping the future of this industry with unrivalled expertise and a relentless focus on innovation.

What We Are Looking For

As a Senior DevSecOps Engineer, you will be a key driver in integrating security into every phase of our Software Development Lifecycle (SDLC). You will join a high-impact team, responsible for securing our highly available, multi-tenant platform built primarily on GCP and Kubernetes. This role requires a proactive and automated approach to security—you will be laying down the foundational security posture, automating compliance checks, and ensuring we not only meet but exceed the security requirements necessary for regulated financial services.

Responsibilities:

• Secure Infrastructure & Compliance: Owning Security Tooling: Selecting, integrating, and maintaining security tooling both within our environments and in our CI/CD pipelines.
• Engineering Security Guardrails: Designing, implementing, and enforcing automated security guardrails and policies across our entire cloud estate and CI/CD pipeline.
• GCP Security Focus: Hardening and securing our Google Cloud Platform environment, including IAM policies, network security and resource configuration management.
• Compliance Automation: Working closely with compliance and governance teams to translate requirements into automated, verifiable infrastructure and deployment practices.
• Vulnerability & Patch Management: Automating and managing the end-to-end process for identifying, triaging, and working with the engineering teams to remediate security vulnerabilities in infrastructure, applications, and third-party dependencies.
• Developer Empowerment: Building and maintaining 'golden path' templates for secure service deployment, enabling feature teams to confidently and safely push code without compromising security.
• Incident Response: Contributing expertise to the security incident response team, helping to swiftly and effectively manage and resolve security events.

What You Bring (Essential Skills)

• Cloud Architecture & Security: Deep, practical experience designing, managing, and securing high-availability infrastructure within GCP.
• API Security: Proficient in reviewing, providing patterns and upskilling engineers to provide a secure API interface.
• Kubernetes Security Proficiency: Expert knowledge of deploying, operating, and hardening Kubernetes (GKE) clusters, including network policies, container runtime security, and secrets management.
• Infrastructure as Code (IaC): Solid skills in writing, securing, and testing configuration using Terraform or OpenTofu.
• Security Tooling Expertise: Hands-on experience deploying and managing key security tools (e.g., Aqua Security, Falco, Prisma Cloud, or similar CSPM/CWPP/CNAPP solutions).
• Automation & Scripting: Proficient in at least one relevant language (Python, Golang, or Shell) for developing security automation and workflow tooling.
• CI/CD Guardrails: Proven ability to build secure, repeatable, and robust deployment pipelines (e.g., GitLab CI, GitHub Actions) that integrate mandatory security checks.

Impress Us More By Having (Desirable)

• Proven experience working with and adhering to FinTech-related certifications, standards, or frameworks such as SOC2, ISO 27001, PCI DSS, DORA or similar regulated environments.
• Relevant certifications such as Google Cloud Professional Security Engineer, CKS (Certified Kubernetes Security Specialist), or CISSP.

Why You’ll Love Working With Us

• Competitive Pay & Equity – We offer a great base salary plus equity, so you’ll own a part of what we’re building together.
• Generous Time Off – Enjoy 25 days of holiday each year (plus bank holidays if you’re in the UK), and earn an extra day each year after your first, up to 5 more!
• Hybrid Working – Life’s about balance. You can work from home up to 3 days a week, eligibility criteria applies.
• Nomad Working – Feel like a change of scenery? Work from anywhere for up to 20 days each year.
• Family First – We offer enhanced Maternity and Paternity leave because your family matters.
• Private Medical Insurance – You’ll get top-notch cover through BUPA, because your health is a priority.
• Mental Health Support – Access personalised mental wellness support through our award-winning partner.
• Future-Ready Perks – Including a solid company pension, life assurance, and income protection.
• Learn & Grow – A £200 annual budget for learning and personal development. Invest in you!
• Cycle to Work Scheme – Commute the healthy way with support from our cycle to work programme.
• Refer a Friend – Bring someone great onboard and earn £1,000 with our referral scheme.
• Team Vibes – Monthly socials, team lunches, and a budget to hang out and have fun (yes, pizza included 🍕).
• Office Snacks & Doggies – Daily snacks to keep you going, and yes – we’re proudly a dog-friendly office 🐾.

Our Values

• We obsess about quality. Our customers have entrusted us with a critical function in a regulated industry…and we take that responsibility seriously. We always assume ownership and hold ourselves accountable.
• We are curious. Our innovation is powered by our collective growth mindset. We’re lifelong learners who challenge assumptions, experiment, and iterate.
• We act with integrity. We’re guided by our mission and earn and maintain trust by doing what’s right, even when it’s not easy.
• We are do-ers. We reject indifference and agility is our strength. We’re motivated by challenges, and biased towards action.
• We problem-solve together. We’re diverse people in diverse places, and know the best solutions are born out of collaboration. We win, lose, and learn…together.