logo inner

Information Security Analyst

TokenBerlin, Germany | Remote, Hybrid, Onsite
Working as part of the Info Sec team within Technology, you will report into the Info Sec Architect and work closely with the Info Sec officer, and IT Analyst.

Role and Responsibilities


  • Develop threat models for a cloud-based distributed compute platform architected on Kubernetes and hosted within AWS.
  • Expand threat models into meaningful threat scenarios targeting AIS and PIS mechanisms for a multi-tenanted A2A platform.
  • Provide accurate security audits of AWS features implemented to support the platform, Kubernetes and associated services, microservices written in Java, JavaScript, Go and Python and public APIs and web-apps exposed by the platform.
  • Provide vulnerability analysis on vulnerabilities affecting applications and their associated libraries, written in Java, JavaScript, Go and Python. Will require the Analyst to be able to reclassify, and justify the reclassification, of vulnerabilities based on their actual impact and not the documented impact.
  • Conduct threat-based penetration tests based on AIS and PIS mechanics against the platform from the perspective of internal and external threat actors.
  • Implement, assess and manipulate SIEM and IDS rules based on the STRIDE and MITRE ATT&CK frameworks to ensure that threats are correctly bubbled up via alert pipelines to on-call teams.
  • Conduct risk analysis of new tools, services, and systems to determine their potential impact on the information security of the organisation and the organisation's customers.

Skills and experience required


  • Familiarity with Java and JavaScript. Go and Python experience is beneficial.
  • Familiarity with Elastic Kubernetes Service, or Kubernetes in general.
  • Familiarity with Amazon Web Services.
  • Familiarity with RDBMS applications and data warehouses.
  • Creating dynamic threat models using pytm or similar tooling.
  • Familiarity with ISO 27001:2022, PCI DSS 4.0 and DORA and their requirements around implementing sound information security practices to ensure the validity of documented procedures and best practises.
  • Penetration testing from a network, Kubernetes or API perspective.
  • Documenting best practises, principles, and internal frameworks to further the adoption of information security practises within the organisation.

Nice to haves


  • Familiarity with AI and ML applications, models and frameworks.
  • Experience conducting code security reviews.

Open to all


Token.io is building an open future for everyone. We don’t just accept different points of view, lived experiences and new ways of thinking — we search them out. They help us make better products, better decisions, and a better place for everyone to work. So, come as you are. We acknowledge and embrace different backgrounds, identities and abilities. Respect is our default, and empathy is our baseline. No one succeeds until we all do.Apply for this job

Life at Token

Token's universal open banking platform, TokenOS, allows banks and third parties to interact in a digital global financial services ecosystem. TokenOS provides one API to access all banks, with the tools to deliver best-in-class data access and payments use cases, and better open banking propositions. Token.io Limited is authorised as an Account Information Service Provider (“AISP”) and as a Payment Initiation Service Provider (“PISP“) by the Financial Conduct Authority in the UK.
Thrive Here & What We Value* Embracing different backgrounds, identities, and abilities* Respect is our default, empathy is our baseline* Open to all* Come as you are* Hybrid/flexible working* Open future for everyone* Different backgrounds, identities acknowledged and embraced
View more
Your tracker settings

We use cookies and similar methods to recognize visitors and remember their preferences. We also use them to measure ad campaign effectiveness, target ads and analyze site traffic. To learn more about these methods, including how to disable them, view our Cookie Policy or Privacy Policy.

By tapping `Accept`, you consent to the use of these methods by us and third parties. You can always change your tracker preferences by visiting our Cookie Policy.

logo innerThatStartupJob
Discover the best startup and their job positions, all in one place.
Quick SearchSearch JobsSearch Remote Jobs hiring WorldwideSearch Remote Jobs in the USSearch Jobs in IndiaSearch Remote Jobs in UKSearch by Title
AreaCaliforniaMassachusettsNew YorkTexasVirginiaWashington D.C.View all
Popular SubRemote JobsWeb3 JobsiOS Developer JobsFront End Developer Remote JobsComputational Geometry JobsCannabis CareersView all
CompanyAbout UsContact usBlogCreditsCareersPrivacy PolicyCookie Policy
Copyright © 2025