About The Position

As a Security and Threat Operations Engineer at OnePay, your work will have a direct impact on protecting our fast-moving fintech environment. You will turn production signals into actionable detection, response, and hardening initiatives, partnering closely with Product Security, Platform Security, and Engineering teams. Your efforts will enable us to proactively identify, monitor, and stop compromised behaviors across OnePay's products and infrastructure, ensuring the continued safety and trust of our business and customers.

Requirements

  • 5+ years of experience in information security, threat detection, security operations, detection engineering, or incident response, ideally in a cloud-native or product-focused environment.
  • Strong experience investigating suspicious activity in web, API, authentication, and infrastructure telemetry, with the ability to distinguish attacker behavior from normal production noise.
  • Demonstrated ability to review traffic and event patterns for signs of malicious activity, fraud, account abuse, credential attacks, reconnaissance, and exploitation attempts.
  • Strong Python programming skills and the ability to write maintainable code for automation, enrichment, analysis, and security operations tooling.
  • Experience building and tuning detections in a SIEM or detection platform and working with observability and logging systems such as CloudWatch, Datadog, or similar platforms.
  • Experience operating or supporting a vulnerability management program, including triage, prioritization, remediation tracking, and stakeholder coordination.
  • Familiarity with cloud and application security findings from platforms such as Wiz, including CNAPP, runtime, code, and vulnerability scanning use cases.
  • Experience with at least one major cloud provider, preferably AWS.
  • Working knowledge of identity and access systems, modern authentication flows, and the security implications of internet-facing applications and APIs.
  • Strong understanding of threat modeling, risk prioritization, and practical security controls across applications, infrastructure, and cloud environments.
  • Practical experience using AI tools in security workflows, along with sound judgment about AI-specific risks such as prompt injection, data leakage, excessive tool access, and weak auditability.
  • Excellent analytical, communication, and cross-functional collaboration skills, especially in environments where security needs to move quickly with product and engineering teams.

Responsibilities

  • Build and tune detections, alerts, and monitoring workflows across cloud, application, identity, and edge environments.
  • Review traffic patterns across APIs, authentication flows, and WAF telemetry to identify malicious activity, abuse patterns, and anomalous behavior.
  • Use AI responsibly as a force multiplier for triage, analysis, and workflow automation, while helping define guardrails for AI-enabled systems.
  • Help operate OnePay’s vulnerability management program by triaging, prioritizing, and driving remediation for findings from Wiz, vulnerability scanning, and related workflows.
  • Develop Python-based tooling and automation to improve investigations, enrichment, response, and operational scale.
  • Partner with Product Security to translate threat models, security reviews, and product risks into production detections and response playbooks.
  • Investigate security events end to end, including triage, scoping, containment support, and follow-through on remediation.
  • Support vulnerability management and operational security practices in ways that align with PCI and SOC 2 expectations.
  • Participate in proactive threat hunting, detection improvement, and a 24x7 security incident response on-call rotation.

Benefits

  • Competitive base salary and stock options
  • Health benefits effective from Day 1
  • 401(k) plan with company match
  • Remote-friendly (US), flexible time-off (FTO), paid parental and caregiver leave
  • Generous stock option packages in an early-stage, high-growth fintech
  • A high-growth, mission-driven, inclusive culture where your work has real impact


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

1-10 employees
