Overview
(Senior) Cloud Security Architect - (m/f/x) (onsite / remote in Germany)
Scalable Capital is a leading digital investment and banking platform with a full banking licence. The company offers Scalable Broker, Scalable Wealth, and related services, with over one million clients and more than €30 billion entrusted to the platform. Founded in 2014, Scalable Capital employs over 700 people across Munich, Berlin, Vienna, Milan, and London. We’re looking for a Senior Cloud Security Architect to own and evolve our AWS security architecture across a multi-account environment, define guardrails, design secure patterns, and partner with platform and product teams to ship resilient, compliant services at speed.
What you’ll do
- Architect Cloud Foundations: Support the strategy for our core AWS environment, including multi-account structure, network security patterns (TGW, VPCs), and identity and access management (IAM) at scale.
- Secure the Software Development Lifecycle: Partner with engineering teams to embed security into every stage of development, including standards for container security (EKS), securing CI/CD pipelines with policy-as-code, and promoting secure Infrastructure-as-Code (IaC) modules.
- Lead Threat Detection and Response: Design and implement cloud threat detection and monitoring; serve as the primary technical expert during cloud security incidents to guide investigation and containment.
- Govern Data Protection and Encryption: Establish and oversee data security strategy in the cloud, defining standards and reference patterns for cryptographic services (KMS), data discovery, and service-specific encryption controls.
- Drive Governance, Risk, and Enablement: Translate compliance requirements (e.g., ISO 27001, SOC 2) into actionable cloud controls; lead threat modeling sessions, facilitate architecture reviews, and publish reusable security patterns.
- Evaluate and Integrate Security Tooling: Lead evaluation, selection, and integration of modern cloud security platforms (e.g., CNAPP, CSPM, CIEM) to provide measurable value and actionable insights.
Qualifications
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- Extensive experience in security/infrastructure and designing on AWS at multi-account scale.
- Proven ownership of AWS org-level controls: Organizations/Control Tower, SCPs, SSO/IAM Identity Center, CloudTrail org trails, Security Hub, GuardDuty.
- Deep hands-on with IAM (STS, permission boundaries, condition keys, role chaining), KMS, VPC/TGW/PrivateLink, Route 53, WAF/Shield, S3 security.
- Strong IaC (Terraform preferred; CloudFormation/CDK fine) and CI/CD integration (GitHub Actions/GitLab/Jenkins).
- Solid EKS security (IRSA, PSP/PSS, network policies, admission control via Kyverno/Gatekeeper) and container supply-chain fundamentals.
- Experience building policy-as-code and guardrails that block risky changes pre-merge without blocking delivery.
- Competent in at least one language (Python or Go) plus shell; capable of writing small tools and automations.
- Excellent stakeholder communication and documentation.
Benefits
- Be part of one of the fastest-growing Fintech startups in Europe, delivering innovative services with meaningful impact.
- International, diverse, inclusive team with a culture of knowledge sharing and career development.
- Offices in Munich or Berlin, with the option to work remotely within Germany (if eligible).
- Productivity with the latest hardware and tools; individual Education Budget; German language classes; free relocation support if required.
- Flexible vacation policy; attractive compensation package and company pension scheme.
- Monthly contribution of 50% for the Deutschland Jobticket; PRIME+ Broker subscription; Urban Sports Club discounts.
Job Location
Munich or Berlin, Germany; onsite or remote in Germany (if eligible).