The main focus of the team is to ensure Avafin's products and teams have the least downtime possible. To accomplish this, the team is responsible for building and maintaining the IT infrastructure and workflows both on-prem and in the cloud for all teams, reliably deploy and operate our production services and products, manage services used at Avafin and ensure the organisation complies with applicable security standards and regulations. As technologies we use DefectDojo, OpenVAS, Terraform, AWS, Kubernetes, Helm, ArgoCD, Github/Gitub Actions, Microsoft365, Entra, Go, Python and more. Our IT Department, which is based in Wiener Neustadt, is part of an international Fintech company which provides short and long-term consumer loans in 5 countries within and outside of Europe. With our own platform and websites, we provide an entirely digital lending process so we can guarantee a cashflow to the consumer within only a couple of minutes. Security Engineer Location: Austria, Poland, Latvia, Spain, EU What we expect from you? At least 3 years' experience working in a Security Engineering position Experience with Vulnerability Management Hands-on experience working with AWS cloud environments and implementing AWS security services Experience with Kubernetes/Helm, Terraform or similar Hands-on expertise in Python or similar languages to implement automation for security processes and integration Fluency in English (communication with an international team) What will you do? Revise and improve our Identity and Access Management implementation Ensure the secure operation of our Platform, on-prem and cloud Contribute to the maturity of our overall Security posture Automate diverse day-to-day tasks, service integrations and processes What we offer? Remote work - up to 100% remote, or hybrid, if possible, up to you Flexible working hours - only need to cover core working hours with the team 34 hours working week - have more time for you and your hobbies at a competitive full time salary License courses, workshops and learning opportunities within a badge system Who we are We're an international fintech group established in 2012, boasting 400 employees worldwide. We utilize innovative financial technology to provide convenient loan products across five markets: Poland, Spain, Mexico, Czechia, and Latvia. At AvaFin, we prioritize convenience, transparency, and personalized customer experiences, aiming to empower users with easy and swift access to funds at competitive rates. In 2024, AvaFin became a subsidiary of Capitec Bank, South Africa's largest retail bank with over 22 million active clients. This acquisition is part of Capitec's internationalization strategy, aiming to expand its presence beyond the domestic market. Capitec's commitment to personalized service and innovative technology aligns seamlessly with AvaFin's mission, promising enhanced accessibility and reduced costs for customers worldwide. DATA PRIVACY STATEMENT FOR JOB CANDIDATES AVAFIN IT GMBH ( hereinafter the " Company ", “ we ”, or “ us ”) respects your privacy and is committed to protecting your personal data, as a data controller. Your personal data will only be processed by the Company, when adequate, relevant, and limited to what is necessary for the purpose of recruitment and selection. This notice is aimed at informing you of how and why your personal data will be used during the process of identifying, selecting, verifying, and vetting candidates. Data Controller AVAFIN IT GMBH; Reg. Number: FN416590H; with registered address at Domplatz 16/2, 2700 Wiener Neustadt, Austria. E-mail address: [email protected]. Data Protection Officer contact details: [email protected]. Purpose(s) To assess your suitability for a role you have applied for, to carry out pre-employment verification and screening, to help us develop and improve our recruitment processes, and eventually, to make you a conditional or unconditional job offer. Legal ground(s) The processing is necessary for the purposes of the legitimate interests pursued by the Company (Art. 6.1 (f) GDPR), processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6.1 (c) GDPR); or to comply with legal obligations (Art. 6.1 (b) GDPR). Recipients The Company may communicate your personal data to other AvaFin Group companies for internal administrative purposes, or to third parties providing external services to us. Data protection rights You can exercise free of charge the right of access, to rectification, to erasure, to restrict processing, to object, not to be subject to automated decisions (including profiling), to portability; by contacting at the following e-mail address: [email protected]. ADDITIONAL INFORMATION ABOUT DATA PROTECTION Data Controller AVAFIN IT GMBH Registration number: FN416590H Registered address: Domplatz 16/2, 2700 Wiener Neustadt, Austria E-mail: [email protected] Data Protection Officer e-mail: [email protected] Purposes of processing 1. Our purpose for processing your personal data is to assess your suitability for a role you have applied for, to carry out pre-employment verification and screening, and to help us develop and improve our recruitment processes. We will use the personal data we collect about you in your job application, or any other information generated by you or us: - To shortlist candidates for interview with meaningful human involvement in the decision (e.g. reviewing application forms to select candidates based on their qualifications and experience, skills tests, or other assessments). - To assess your skills, academic and professional qualifications, and suitability. - To conduct interviews (face-to-face or remotely). - To carry out background and reference checks, where applicable (verifications used to check the information you provide in support of your job application). - To communicate with you about the recruitment process (e.g. the result of your job application). - To keep internal records related to our hiring processes. - To communicate your personal data to AvaFin Group. Lawful basis: Legitimate interest 2. We will process your personal data to comply with legal obligations: - Pre-employment vetting (e.g. to perform right to work checks, criminal records, if applicable) - To comply with other legal obligations (e.g. to accommodate an individual with a disability, complying with health and safety obligations) Lawful basis: Legal obligation 3. Finally, we may process your personal data to enter into a labor contract when you accept our job offer (pre-contractual stage). Lawful basis: To perform a contract of employment; or because you asked us to take specific steps before entering into a contract of employment (e.g. you have accepted our job offer). We normally post job offers in our AvaFin Group websites or job search platforms like LinkedIn, that will collect the application information and may ask you to complete a work preference questionnaire that is used to assess your suitability for the role. We can also collect your personal data through employee referral programs. In general, collecting and using your personal data enables us to manage the recruitment and selection process, including setting up an electronic job applicant HR file; managing your application and the communications; conducting assessments; organizing interviews; and conducting background checks and screening. We may also process your personal data to meet recordkeeping and other internal administrative purposes at AvaFin Group (to adequately manage the selection process and assess your application in accordance with group-wide requirements). With all the information collected during the recruitment process we will then decide whether you meet the basic requirements. If you do, we will decide whether your application is suitable to invite you for an interview. If we decide to call you for an interview, we will use the data you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we may then take up references and/or any other check before confirming your hiring. Moreover, with the information collected during the selection processes, we may internally analyze the effectiveness of our recruitment efforts, we can identify areas for enhancement and implement necessary adjustments to streamline future recruitment processes and optimize outcomes. This continuous improvement cycle enables us to stay agile and responsive to evolving business needs and market dynamics. Final recruitment decisions are made by hiring managers and members of our recruitment team. We take account of all the information gathered during the application process. If we make a conditional offer of employment, we will carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We must confirm the identity of our staff and their right to work in the country, and seek assurance as to their trustworthiness, integrity and reliability. You may therefore provide any of the following information: proof of your identity, proof of your qualifications, a criminal record if required by applicable laws, or we can contact your referees using the details you provide in your application directly to obtain references with your consent. If we make a final offer, we will also ask you for the following: bank details – to process salary payments, emergency contact details – so we know who to contact in case you have an emergency at work, or your social security number – as required by the labor regulations. Type of personal data processed We may collect and use the following categories of personal data about you (some or all may apply to you): Identification data; Contact information; Demographic data; Data regarding responses to screening questions; Background check information; Previous employment information; Data pertaining to work preferences and skills; Job Application data (e.g. CV, cover letter); Pre-employment vetting information; Information on certain health conditions (only where required by law); Job interview notes; Assessment results. Data retention We will not keep recruitment records for unsuccessful candidates beyond the statutory period in which an applicant can bring a claim arising from the recruitment process. Retaining recruitment records may be necessary in case we need to defend ourselves against claims of discrimination or other legal actions arising from recruitment. Depending on the circumstances, we may be legally required to keep information for a specified period of time to comply with certain laws. Recipients The Company may transfer the job candidate's data to the AvaFin Group for internal administrative purposes (e.g. recordkeeping, or to evaluate the candidate's suitability as per Group requirements). In addition, we use third parties who provide services, including work agencies, in connection with the recruitment process. In providing such services, your personal data may be processed by the service provider on the Company’s behalf for the purposes of providing the required service to the Company. No international data transfers are foreseen. Rights You can exercise free of charge your right of access, to rectification, to erasure, to restriction of processing, to object to processing, not to be subject to automated decisions (including profiling), to portability; by contacting us at the following e-mail address: [email protected] We also inform you that you have the right to seek the protection of your national data protection authority. For more information, please click on the following link .