Security Engineer

Vulnerability Management

• Conduct regular scans to identify and document vulnerabilities in software, hardware, and network components.
• Develop a prioritized remediation plan based on severity and impact.
• Implement patch management and configuration changes to mitigate risks.
• Provide documentation and reports to support SOC 2 Type 2 compliance.

SDLC Security

• Integrate security practices into the Software Development Life Cycle.
• Adopt secure coding standards and perform code reviews.
• Implement automated security testing (static and dynamic analysis).
• Facilitate training and awareness programs for development teams.

Intrusion Detection and Response

• Implement and maintain an Intrusion Detection System (IDS).
• Develop and execute an incident response plan.
• Conduct regular drills and provide training for incident response readiness.
• Monitor and report on detected threats to ensure an effective response.

Continuous Monitoring and Validation

• Perform ongoing validation of security controls and internal audits.
• Establish continuous monitoring processes and alerting mechanisms.
• Maintain documentation to demonstrate a robust and consistent security posture.

This role strengthens the security of Doconomy's systems, ensuring they remain resilient and compliant with SOC 2 Type 2 standards, which supports the organization's mission to drive global climate action through trusted financial tools.

• Hands-on experience in cybersecurity, with focus on vulnerability management, SDLC security, and infrastructure/DevOps security.
• Experience with cloud deployments, CI/CD pipelines, and container/orchestration security.
• Strong knowledge of SOC 2 Type 2 compliance requirements.
• Excellent problem-solving and communication skills to explain security issues to technical and non-technical teams.
• Ability to work independently in a distributed team environment.

Preferred Qualifications:

• Relevant certifications such as CISSP, CISM, or similar.
• Familiarity with SOC 2 Type 2 compliance and security auditing.
• Experience with intrusion detection systems, incident response planning, and continuous security monitoring.
• Experience in secure cloud architecture, IaC security, and DevSecOps practices.
• Experience with both frontend and backend development stacks.

• Employment Flexibility: This role can be structured as a consultancy within Europe (±2 hours CET), allowing remote work with occasional travel to Stockholm, or as a Sweden-based employee with hybrid setup in Stockholm.
• Team: Join a diverse, international team working in cross-functional groups.
• Tools: Provided with collaborative platforms (Slack, Miro, Google Workspace) and latest Apple devices.
• Additional benefits such as health and life insurance, pension, wellness allowance, and PTO available depending on employment setup (discussed during hiring).

Doconomy is a market leader in impact technology, dedicated to driving global climate action by equipping banks with financial tools that educate and foster positive change, using behavioral science and audited methodologies to ensure trusted, measurable impact.