Founding Security Engineer

Boom•Austin, TX

5d•Onsite

About The Position

Boom is expanding its engineering team to meet the growing demands of its B2B partners and B2C users. Boom handles sensitive consumer data at scale, including credit, identity, and verification data, and reports rent payments to credit bureaus. As the company moves from Seed to Series A and beyond, they are hiring a Founding Security Engineer to harden the platform, mature the security posture, and partner with product engineering and infrastructure teams to integrate security into the development process. This role offers the opportunity to work closely with the CPO, engineering leadership, and operations, taking ownership of security from the ground up. The engineering culture is hands-on and pragmatic, valuing shipping product, maintaining high standards, and clear communication. This role is for candidates in Austin, TX.

Requirements

5+ years in security engineering or application security with hands-on web development experience.
Track record securing production web apps and cloud environments, with AWS strongly preferred
Working knowledge of SOC 2 (bonus for ISO 27001, HIPAA, PCI, GLBA/FCRA). You're ready to own the program, not just contribute to it
Strong grasp of common attack classes (OWASP Top 10, auth/session, SSRF, deserialization, supply chain) and how they show up in modern web stacks
Backend-leaning full stack on Ruby (Grape and Sequel) with React/Next.js and TypeScript on the frontend.
Comfortable with third-party APIs (OAuth, webhooks, rate limits, idempotency), observability, on-call, real incidents, and Terraform
You're already running AI coding agents autonomously, including overnight, to ship and drive your own efficiency. Daily Claude Code use is table stakes
Strong communicator who can explain risk to non-security audiences and push back without slowing the business.
Self-starter in a fast-paced, early-stage environment, with empathy for our end users including low-to-moderate-income renters whose financial data we steward

Responsibilities

Own our application and cloud security posture across our infrastructure and full stack product
Run our SOC 2 certification effort (evidence, controls, auditor interface), interface with vendors for pen testing, and prep us for the next compliance lifts like CASA, FCRA, state-specific data regs, and enterprise security reviews
Build the secure SDLC: threat modeling, security-sensitive code review, SAST/DAST/SCA tooling, secrets management, and dependency hygiene
Lead incident response and vulnerability management. Triage, contain, remediate, and run blameless postmortems
Partner with engineering on identity, access, and data handling for PII, credit, and payment data so secure-by-default is the easy path
Own customer security questionnaires and represent Boom in security conversations with enterprise property management partners

Benefits

Competitive salary with stock options
Full healthcare coverage (health, dental, vision) including 50% coverage for dependents
15 days of Paid Time Off (PTO) per year + 3 sick days + all US federal holidays (11 in total)
Company-issued laptop/MacBook
Company-sponsored training & development
Regular off-sites, retreats, and other company-sponsored events and travel opportunities

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume