Senior DevSecOps Engineer

Overview

Why we exist, and where we re headed:
Our Mission:
Redefining how the world interacts with value.

Who Are Yapily
Why we exist, and where we re headed:
Our Mission:
Redefining how the world interacts with value. Our Vision: A world without financial friction. Our

Purpose:

To empower everyone to access and move value. At Yapily, we re building a powerful, scalable, and secure open banking infrastructure that redefines how the world interacts with value. Our open banking platform powers leading companies, such as Adyen, Intuit Quick Books, and Google. By delivering payment initiation, bank data access, and pre-built products, we enable businesses to innovate fast and push the boundaries of financial technology.

As an early pioneer of open banking, we re actively shaping the future of this industry with unrivalled expertise and a relentless focus on innovation.

As a Senior Dev Sec Ops  Engineer, you will be a key driver in integrating security into every phase of our Software Development Lifecycle (SDLC). You will join a high-impact team, responsible for securing our highly available, multi-tenant platform built primarily on GCP and Kubernetes. This role requires a proactive and automated approach to security—you will be laying down the foundational security posture, automating compliance checks, and ensuring we not only meet but exceed the security requirements necessary for regulated financial services.

• Owning Security Tooling:
  Selecting, integrating, and maintaining security tooling both within our environments and in our CI/CD pipelines
• Engineering Security Guardrails:
  Designing, implementing, and enforcing automated security guardrails and policies across our entire cloud estate and CI/CD pipeline
• GCP Security Focus:
  Hardening and securing our Google Cloud Platform environment, including IAM policies, network security and resource configuration management
• Compliance Automation:
  Working closely with compliance and governance teams to translate requirements into automated, verifiable infrastructure and deployment practices
• Vulnerability & Patch Management:
  Automating and managing the end-to-end process for identifying, triaging, and working with the engineering teams to remediate security vulnerabilities in infrastructure, applications, and third-party dependencies
• Developer Empowerment:
  Building and maintaining  golden path  templates for secure service deployment, enabling feature teams to confidently and safely push code without compromising security

Contributing expertise to the security incident response team, helping to swiftly and effectively manage and resolve security events.

• Cloud Architecture & Security:
  Deep, practical experience designing, managing, and securing high-availability infrastructure within GCP
• API security:
  Proficient in reviewing, providing patterns and upskilling engineers to provide a secure API interface
• Kubernetes Security Proficiency:
  Expert knowledge of deploying, operating, and hardening Kubernetes (GKE) clusters, including network policies, container runtime security, and secrets management
• Infrastructure as Code (IaC):
  Solid skills in writing, securing, and testing configuration using Terraform or Open Tofu
• Security Tooling Expertise:
  Hands-on experience deploying and managing key security tools (e.g., Aqua Security, Falco, Prisma Cloud, or similar CSPM/CWPP/CNAPP solutions)
• Automation & Scripting:
  Proficient in at least one relevant language (Python, Golang, or Shell) for developing security automation and workflow tooling
• CI/CD Guardrails:
  Proven ability to build secure, repeatable, and robust deployment pipelines (e.g., Git Lab CI, Git Hub Actions) that integrate mandatory security checks

• Proven experience working with and adhering to Fin Tech-related certifications, standards, or frameworks such as SOC2, ISO 27001, PCI DSS, DORA or similar regulated environments
• Relevant certifications such as Google Cloud Professional Security Engineer, CKS (Certified Kubernetes Security Specialist), or CISSP