Founding Security Engineer

About The Position

Requirements

• B.S. in Computer Science or a related field
• 6+ years of experience in Security Engineering
• Familiarity with payments, PCI concepts, etc.
• PCI-DSS/SOC2/ISO27001 participation, evidence automation, and SDLC governance
• Experience with cryptography & key management (KMS/HSM, tokenization, envelope encryption)
• Experience supply-chain security (SBOM, Sigstore/cosign, SLSA); mobile security (React-Native)
• Experience with detection engineering (SIEM/OTel), incident response/forensics, red/purple teaming

Nice To Haves

• Interest or experience in hardware/embedded security (smart cards, POS, secure elements)
• Fluent technical writing; empathy for users and regulators; bias to action is a plus.

Responsibilities

• Design & review secure architectures for login/auth flows, payments, KMS/HSM usage, card/device interactions, and data protections.
• Threat model features (web, mobile, backend, hardware) and turn risks into pragmatic controls, test cases, and guardrails.
• Build security automations (SAST/SCA, CI policy gates, IaC validation, secret scanning, SBOM/provenance, dependency hygiene).
• Harden cloud/infra on GCP: identity boundaries, network segmentation, workload identity, service accounts, least privilege, secrets.
• Ship observability for trust: structured logs, audit trails, detection hooks, incident runbooks, and post-incident improvements.
• Own incident response drills with engineering; triage, contain, learn; drive reliability & fraud-prevention signals into products.
• Partner on compliance (PCI-DSS/SOC2/ISO): help define scope, automate evidence, and keep “secure by design” as the default.
• Enable teams with secure patterns, library wrappers, and “paved roads” (auth clients, tokenization, crypto APIs, KMS helpers).
• Contribute across the stack (TypeScript/Node/React-Native; Terraform; container/K8s) and collaborate with hardware/firmware when needed.