Security Engineer

About The Position

Requirements

• 5+ years of experience in security engineering, with meaningful time at a payments company, bank, or other regulated financial institution.
• Experience with cloud environments (GCP) and infrastructure as code providers (Terraform).
• Breadth across both application/code security and operational security. You don't need to be the world's deepest expert in both, but you need to be knowledgeable in each and capable of hiring and managing those who are.
• You can write production code, not just review it.
• Experience building security programs at early-stage or high-growth companies, ideally from scratch.
• Familiarity with compliance frameworks relevant to payments and banking (SOC 2, PCI-DSS, state money transmission, etc.).
• You view a lack of specificity as an opportunity for ownership.
• Based in New York City (or willing to relocate).

Nice To Haves

• Ideally you've shipped internal tools or security features yourself.

Responsibilities

• Own our security posture across application security, infrastructure security, and operational security.
• Conduct code reviews, threat modeling, and penetration testing to identify and remediate vulnerabilities.
• Design and implement security controls, monitoring, and incident response processes appropriate for a regulated payments environment.
• Establish security policies, procedures, and compliance frameworks (SOC 2, PCI-DSS, etc.) as we scale.
• Hire, manage, and supervise specialist contractors or future security hires as the team grows.
• Ship internal security tooling and features.
• Work closely with engineering to embed security into our development lifecycle from the start.

Benefits

• Competitive salary and equity
• Comprehensive insurance (medical/dental/vision)
• Unlimited vacation: Take time when you need it
• Periodic off-sites