Senior DevSecOps Engineer (NYC / MIA)

Crossmint | New York, NY
$160,000 - $180,000 | Hybrid

About The Position

We are looking for a Senior DevSecOps Engineer to own the operational execution of security at Crossmint. Security is your core discipline. Cloud infrastructure and IT are the environments you secure, and you will work alongside the teams that operate them, but you are here first and foremost as a security practitioner. You will be the hands-on owner of our day-to-day security posture: cloud environments, developer pipelines, application security, vulnerability management, and compliance operations. You will partner regularly with Engineering and IT & Infrastructure, contributing security expertise into their work rather than running their functions. This is not a generalist infrastructure role with security responsibilities bolted on.

Requirements

  • 4–8 years of experience as a security engineer, with a clear security-first background rather than a generalist infrastructure background.
  • 3+ years of hands-on experience securing AWS environments: IAM, Security Hub, CloudTrail, GuardDuty, and KMS.
  • Strong practical knowledge of CI/CD security: GitHub Actions, secrets scanning, and dependency management.
  • Experience with secure code review or core application security concepts (OWASP, auth flows, API security).
  • Experience working within at least one compliance framework, SOC 2 preferred, with ISO 27001 or similar acceptable.
  • Fluent communicator across technical teams — you can work productively with developers and IT engineers without needing to own their domains.
  • Self-directed and organized. You track your own work and do not drop threads.
  • Experience using AI-assisted tools such as Claude or GitHub Copilot for security automation or research.
  • Ability to work flexible hours if an incident arises.

Nice To Haves

  • Experience at a fintech, payments, or crypto company.
  • Familiarity with DORA or MiCA compliance requirements.
  • Exposure to blockchain or crypto-specific security considerations.
  • Prior experience where security work regularly intersected with IT or infrastructure teams.

Responsibilities

  • Own security across our AWS environments (primary), with additional exposure to GCP and Vercel: IAM, Security Hub, CloudTrail, GuardDuty, KMS, and related controls.
  • Design, maintain, and monitor security controls across cloud infrastructure: logging pipelines, alerting thresholds, key management, and privileged access workflows.
  • Manage security-relevant access controls across cloud environments and internal systems, including service accounts, credential rotation, and periodic access reviews.
  • Provide security input to IT & Infrastructure on network segmentation, endpoint security baselines, and cross-system access policies, without owning those systems yourself.
  • Secure our CI/CD pipelines and GitHub Actions environments: secrets management, supply chain risk, and dependency vulnerability workflows.
  • Perform secure code reviews and provide hands-on application security support to engineering teams.
  • Review authentication flows, payment logic, and API security with human judgment, not just automated scanners.
  • Partner with engineers to remediate vulnerabilities and embed security practices into the development lifecycle.
  • Own vulnerability management end-to-end: identification, prioritization, remediation tracking, and verification.
  • Coordinate our external security review program with third-party audit and penetration testing firms.
  • Support incident response through internal triage and investigation, working alongside our external 24/7 response partners.
  • Support SOC 2 and other compliance efforts by collecting evidence, documenting controls, and maintaining audit-ready processes for engineering and security-related controls.
  • Contribute to DORA compliance initiatives where applicable.
  • Maintain clear, auditable documentation of security processes to support audit cycles and long-term knowledge transfer.

Benefits

  • Extensive access to leading AI tools and subscriptions, with AI actively encouraged and integrated into daily workflows.
  • Two performance reviews annually.
  • Stock options are part of every full-time offer.
  • Unlimited, flexible PTO.
  • Parental Leave program.
  • Flexible work schedule.
  • Company laptop and allowance for any necessary home equipment.
  • Daily stipend for commuting to the office and/or meals.
  • Three company-paid off-sites per year.
  • Health, dental, vision, life, short-term disability (STD), and long-term disability (LTD) insurance.
  • 401(k) Plan.