Security Engineer
About The Position
Security Engineer Overview Thunes Financial Services is hiring a Security Engineer to be the architect of trust for our fintech platform. We are looking for a hybrid specialist who can bridge the gap between Infrastructure Security and Application Security, ensuring our systems are as resilient as they are compliant. This role will play a critical part in maintaining our regulatory compliance posture while building automated, scalable security guardrails. This role reports to the VP of Engineering. The Role As a Security Engineer, you will be responsible for security across the full lifecycle of our fintech platform. This hybrid specialist role requires deep engagement with both infrastructure and application security, focusing heavily on automation and regulatory compliance within a high-stakes, regulated environment.
Requirements
- A Bachelor's degree in Computer Science or a related field, but similar professional experience is equally valued.
- A proven track record of deep experience in both Infrastructure Security and Application Security is required.
- Pipeline Proficiency: Hands-on experience building security guardrails within CI/CD tools (e.g., GitHub Actions, GitLab CI, or Jenkins).
- Hybrid Expertise: Deep experience in both Infrastructure Security (Cloud/K8s) and AppSec (OWASP Top 10, Secure SDLC).
- Tooling Experience: Proven proficiency with enterprise vulnerability management platforms and automated dependency scanning solutions.
- Automation Mindset: You don’t just find bugs; you write code (Python, Go, or Bash) to handle them. Experience using AI-driven automation or agentic tools to streamline security workflows is required.
- Fintech Fluency: You understand the high-stakes nature of working in a regulated environment and can translate compliance requirements into technical reality.
- Clear, effective communication of trade-offs to non-technical stakeholders
- History of collaboration with engineers and others
Nice To Haves
- Certifications such as CISSP
- Prior experience in startups, especially Fintech
Responsibilities
- CI/CD Security Integration: Design, build, and maintain automation to integrate security testing (SAST/DAST/SCA) directly into our deployment pipelines. You'll ensure that security is a "paved road" for developers, not a bottleneck.
- Full-Stack Security: Own security across the lifecycle—from securing our cloud infrastructure (AWS/GCP) to performing code reviews and architectural risk assessments.
- Vulnerability Management: Manage our detection stack using modern vulnerability scanning and dependency management tools to identify, prioritize, and track risks across the environment.
- Security Automation: Build and maintain automated workflows for vulnerability reporting, triage, and remediation. We want someone who leverages AI-powered agentic coding tools or similar automation to eliminate manual toil and accelerate response times.
- Compliance Engineering: Monitor our technical security controls to ensure that they are operating effectively throughout the year to meet the rigorous cybersecurity compliance requirements to support regulatory exams as well as SOC-2 and PCI audits.
- Incident Response: Serve as a key member of our security response team, helping to investigate and mitigate potential threats.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
