Lemonade Finance (YC S21) is building a neobank for immigrants in North America & Europe. We provide our users with multi-currency accounts that allow them to hold, send, and receive money from Africa in any currency for their business and personal banking needs. There are over 10 million Africans living in North America & Europe who jump through hoops and have to pay exorbitant fees to send money to their loved ones. We are constantly fighting for everyday Africans to be able to move their money freely around the world at no cost and with the best exchange rate they can find out there. We launched the first version of the app at the beginning of October 2020 with just the ability to send money. Now, we enable our users to send and receive as well as pay bills for services across the ocean for loved ones. We have also grown to a team of more than 25 people working remotely and living on different continents.
The Role
- We’re looking for a Senior Security Engineer to strengthen LemFi’s cloud security posture, enhance visibility across our systems, and ensure compliance with evolving EU and Irish regulatory requirements. This is a hands-on role at the intersection of engineering, security, and compliance - working across AWS, core security tooling, monitoring, and audit readiness.
- You will help translate regulatory expectations into practical, measurable security improvements while partnering closely with Engineering, Cloud, Risk, and Compliance teams. Your work will directly protect customer data, reduce incidents, and deepen trust across our financial ecosystem.
How You’ll Contribute
- Enhance Cloud Security: Manage and improve AWS security, including IAM, network segmentation, key management, and logging.
- Strengthen Detection & Telemetry: Configure and maintain SIEM, vulnerability scanners, IDS/IPS, and endpoint protection tooling.
- Improve Monitoring: Build alerting for critical systems and embed security into CI/CD workflows.
- Ensure Compliance: Harden infrastructure and support adherence to ISO 27001, PCI DSS, DORA, and other relevant standards.
- Support Audit Readiness: Prepare regulatory reports, coordinate audit evidence, and assist with inspections.
- Translate Requirements: Convert regulatory and policy expectations into actionable controls and maintain security documentation.
- Lead Incident Response: Operate and tune SIEM, investigate alerts, and run incident triage and post-incident reviews.
- Maintain Playbooks: Improve vulnerability, incident, and threat intelligence procedures; strengthen first-line detection.
- Align with Stakeholders: Work closely with Risk, Compliance, and IT to provide metrics and support executive reporting.
- Guide Third-Party Reviews: Coordinate cross-entity policy alignment and advise on vendor compliance.
Who You Are
- Impact-Oriented: You focus on reducing incidents, improving detection, and strengthening regulatory trust.
- Security-Minded: You think holistically about infrastructure, people, processes, and controls.
- Collaborative: You partner naturally with engineering, risk, and compliance across a distributed team.
- Accountable: You take ownership of our security posture and act quickly and proactively.
- Detail-Focused: You document clearly, communicate well, and handle audits with precision.
- Continuous Improver: You always look for ways to automate, enhance visibility, and streamline reporting.
What You’ll Bring
- 5+ years in Security Engineering, Cloud Security, or Infrastructure Security roles in AWS environments.
- Deep understanding of AWS security services including IAM, KMS, CloudHSM, Security Hub, and CloudTrail.
- Hands-on experience with SIEM platforms and integrating cloud or endpoint telemetry.
- Strong knowledge of vulnerability management, incident response, and security monitoring.
- Familiarity with compliance frameworks such as DORA, PCI DSS, ISO 27001, NIST CSF.
- Experience preparing security reports and audit evidence for regulators or auditors.
- Skilled in Infrastructure-as-Code (Terraform) and integrating security into CI/CD.
- Competent in scripting and automation (Python, Bash, etc.) for detection, response, and reporting.
- Strong ownership and ability to work independently across engineering and compliance teams.
- Excellent communication skills for both technical and non-technical audiences.