Are you looking for a meaningful role?
Doconomy is a market leader in impact technology, dedicated to driving global climate action by equipping banks with financial tools that both educate and foster positive change.
Our tools are steeped in behavioral science and backed by best-in-class data and third-party audited methodologies. That validity and reliability are key to ensuring that our tools and the insights and recommendations they provide are trusted, adopted, and crucially drive tangible, measurable change.
We serve over 90 clients across 30 different markets and have established key partnerships with renowned organizations, including the United Nations Framework Convention on Climate Change (UNFCCC), Mastercard, Boston Consulting Group, S&P Trucost, and the World Wildlife Fund (WWF). Doconomy is backed by leading investors, including UBS Next, S&P Global, Mastercard, CommerzVentures, Ingka Group, Citi Ventures, and ABN Amro Ventures.
Our team includes former bankers, engineers, developers, designers, brand strategists, ESG experts, behavioral science experts, and thought leaders in innovative business and service design. We bring expertise and wisdom from some of the world’s largest digital and sustainable banks, corporations, and fintechs, and our dedicated Impact team keeps us best-in-class and at the forefront of our industry.
Our team comprises former bankers, engineers, developers, designers, brand strategists, ESG experts, behavioral scientists, and innovative leaders. Drawing from the expertise of some of the world's largest digital and sustainable banks, our dedicated team ensures that we remain at the top of our industry.
Join us!
We are looking for a Security Engineer to strengthen the security of our systems, networks, applications, and cloud infrastructure.
This hands-on role focuses on vulnerability management, secure software practices, and continuous monitoring, ensuring our systems remain resilient and compliant with SOC 2 Type 2 standards.
What You’ll Do
Vulnerability Management
- Conduct regular scans to identify and document vulnerabilities in software, hardware, and network components.
- Develop a prioritized remediation plan based on severity and impact.
- Implement patch management and configuration changes to mitigate risks.
- Provide documentation and reports to support SOC 2 Type 2 compliance.
SDLC Security
- Integrate security practices into the Software Development Life Cycle.
- Adopt secure coding standards and perform code reviews.
- Implement automated security testing (static and dynamic analysis).
- Facilitate training and awareness programs for development teams.
Intrusion Detection and Response
- Implement and maintain an Intrusion Detection System (IDS).
- Develop and execute an incident response plan.
- Conduct regular drills and provide training for incident response readiness.
- Monitor and report on detected threats to ensure an effective response.
Continuous Monitoring and Validation
- Perform ongoing validation of security controls and internal audits.
- Establish continuous monitoring processes and alerting mechanisms.
- Maintain documentation to demonstrate a robust and consistent security posture.
Tools
- Vanta, Wazuh, Kandji, GitHub, NextDNS, Black Kite
What You’ll Bring To The Team
- Hands-on experience in cybersecurity, with a focus on vulnerability management, SDLC security, and infrastructure/DevOps security.
- Experience with cloud deployments, CI/CD pipelines, and container/orchestration security.
- Strong knowledge of SOC 2 Type 2 compliance requirements.
- Excellent problem-solving and communication skills to explain security issues to technical and non-technical teams.
- Ability to work independently in a distributed team environment.
Preferred Qualifications
- Relevant certifications such as CISSP, CISM, or similar.
- Familiarity with SOC 2 Type 2 compliance and security auditing.
- Experience with intrusion detection systems, incident response planning, and continuous security monitoring.
- Experience in secure cloud architecture, IaC security, and DevSecOps practices.
- Experience with both frontend and backend development stacks.
What We Offer
- Balance & Employment Flexibility: This role can be structured as a consultancy within Europe (±2 hours CET), allowing you to work remotely with occasional travel to our Stockholm office for team-building activities, workshops, or project-specific tasks. Alternatively, if you are based in Stockholm, you can join as a Sweden-based employee with a hybrid setup, spending part of your week in our A-house Ark office, Östermalm, and part working remotely. Please note that we do not provide relocation support or visa sponsorship.
- Team: Join a diverse, international team working in cross-functional groups.
- Tools: Stay connected and manage projects efficiently using collaborative platforms like Slack, Miro, and Google Workspace. We will set you up with the latest Apple devices and equipment to support your best performance.
Additional benefits such as health and life insurance, pension, wellness allowance, and PTO are available depending on employment set-up, and will be discussed during the hiring process.
We have an ongoing recruitment process; if this role is online, it means it’s still open!