Lead Application Security Engineer

Freelance
Paris
Occasional remote work
Salary: Not specified

Lenstra

The position

Job description

Lenstra was created out of the passion of engineers specialised in Computer Science, with a proven history of delivering top-quality solutions to its customers. Bringing together work excellence and vision, we have served top-tier clients from a variety of industry domains such as Banking/Insurance, Luxury and Tech.

We help our clients solve their most difficult problems around Cloud Computing & DevOps, Data Platform and IT Security by taking a holistic approach to their environment and building often complex but always relevant solutions that help them accelerate their business.

Our engineering team is committed to great ethics, and most of our teammates are core contributors to open-source projects such as CPython, Postgres or Terraform.

We are currently helping an investment management client protect their low-latency processing systems and trading platforms across diverse environments. Reporting directly to the Group’s CISO, you will work collaboratively with development, infrastructure, and operations teams to embed security into every phase of the software development lifecycle.


Desired profile

  • Serve as the internal point of reference and Subject Matter Expert for application security and DevSecOps practices.

  • Advise on best practices and long-term strategy for secure automation, ensuring security is integrated at all stages—from design and development to deployment and operations.

  • Lead the development and implementation of robust security controls in our CI/CD pipeline, including automated testing, compliance checks, and vulnerability management.

  • Collaborate with cross-functional teams (software developers, infrastructure engineers, and security officers) to ensure all solutions follow secure coding practices and meet industry standards (e.g., ISO 27001, NIST CSF, SOC 2).

  • Conduct comprehensive design reviews, threat modelling, and architecture assessments to proactively identify and mitigate security risks in new and existing solutions.

  • Establish and enforce policies for encryption, authentication (both human and machine), access control (role- and attribute-based), secret management, and secure configurations in cloud (AWS, GCP, or Azure) as well as on-premises environments.

  • Champion Infrastructure as Code (IaC) practices by integrating security checks into automated deployment processes using tools such as Terraform, CloudFormation, or Ansible.

  • Develop, monitor, and report Key Risk Indicators (KRIs) to track security performance and drive continuous improvement.

  • Expertise in Application Security, Identity and Access Management (IAM), and proficiency in Python.

  • Provide leadership and training, both informally and through scheduled workshops, to upskill teams on secure development practices, DevSecOps tools, and emerging industry trends.

    Technical Stack

    • Security: AppSec, DevSecOps, Secure SDLC, SAST/DAST, Threat modelling, CI/CD security, KRIs, Pen testing, OWASP, NIST, ISO 27001, SOC 2, IAM

    • Cloud/Infra: AWS, GCP, Azure, On-prem, Serverless, Containers, APIs

    • IaC: Terraform, Ansible, CloudFormation

    • Dev/Systems: Python, Linux, TCP/IP, UDP, HTTP(S), Microservices

    • Certs: CSSLP (preferred)


Interview process

Our recruitment process consists of 3 interviews:

  • 1 introductory call with the recruiter

  • 1 technical interview

  • 1 meeting with the final client
