Senior Information Security Engineer

MX Technologies, Inc.•Lehi, UT

3h•Onsite

About The Position

MX is a fintech company on a mission to empower the world to be financially strong. We build technology that helps banks, credit unions, and fintechs deliver smarter, more intuitive financial experiences to millions of people. Like many startups, we’ve navigated real growth challenges — and we’ve come out stronger on the other side. Today, MX is in a phase of renewed momentum and scale, with a solid foundation and a clear vision for what’s next. This is a place where thoughtful execution matters, innovation is encouraged, and individuals have real ownership over their work. Our culture values curiosity, accountability, and impact. We give people the space to question assumptions, design better solutions, and help shape how the company grows. If you’re looking to do meaningful work, influence outcomes, and grow alongside a company that’s ready to move fast, you’ll feel at home at MX. Role Overview The Senior Security Engineer is a senior individual contributor role focused on being the primary hands-on builder, technical lead, and implementer of MX's security program. This position is designed for a self-starting technical lead with deep execution expertise in ubiquitous shift-left security, application protection, and automated risk reduction. In addition to the focus on shift-left security, this role will have Web Application and API Protection (WAAP) and Network Security focuses to drive widespread adoption of secure practices across engineering teams. Reporting directly to the Director of Security Architecture and Engineering, and working closely with Cloud & Product Security Architecture to execute defined designs, the Senior Security Engineer leads the deployment, automation, and maturation of security controls at scale. They serve as the go-to technical expert for implementation, troubleshoot complex issues, mentor engineers organization-wide, and champion best practices to embed security deeply into infrastructure, platforms, and application workflows. This role influences Cloud Engineering, DevOps, Platform, Application Development, and Security Operations teams to operationalize secure-by-design principles while maintaining alignment with compliance and risk requirements.

Requirements

7+ years of progressive hands-on experience in application security, cloud security engineering, or DevSecOps at scale.
Expert-level implementation experience with Fastly Next-Gen WAF (Signal Sciences) and Cequence Unified API Protection (or equivalent tools).
Expert in Terraform for secure infrastructure-as-code; strong experience with policy-as-code (OPA/Rego).
Deep hands-on expertise with CNAPP/CSPM platforms (CrowdStrike Horizon, Prisma Cloud) and cloud-native detection tools.
Proven ability to operate in multi-cloud environments with a strong grasp of Zero Trust, identity, and secure workload patterns.
Experience building and automating controls in regulated environments such as SOC 2, PCI DSS, or ISO 27001.
Excellent communication and influence skills: able to teach, persuade, and enable engineers at all levels.
Track record of mentoring others and driving adoption of best practices across organizations.
Experienced Incident Responder with a proven history of leading security incidents such as those related to credential leaks or credential stuffing attacks from beginning to end.

Responsibilities

Serve as the primary hands-on builder for Fastly Next-Gen WAF (Signal Sciences) across all production environments to mitigate web-based attacks with low false positives.
Lead the deployment and tuning of Cequence Unified API Protection for API discovery, behavioral abuse detection, and real-time runtime enforcement.
Standardize API security patterns across the organization, ensuring deep visibility into shadow APIs and automated blocking of malicious traffic.
Partner with application teams to integrate threat modeling and security requirements into the design phase of new features.
Detect & Prevent credential-stuffing attacks ensuring Security Engineering is First-To-Know (FTK)
Implement and mature policy-as-code frameworks (OPA/Rego or equivalents) tied to organizational guardrails.
Enforce strict CI/CD quality gates that block critical and high-severity vulnerabilities from reaching production using SAST/SCA tools like Snyk, Semgrep, or CodeQL.
Drive integration of security scanning tools (IaC, containers, secrets, dependencies, SBOM) into CI/CD pipelines and evangelize shift-left practices to development teams.
Train and enable engineers to build securely from the start, reducing misconfigurations at the source.
Deploy and manage AWS Network Firewall & Suricata IPS/IDS rules (or similar e.g. PAN) as code through Terraform to protect ingress, egress, and east-west traffic.
Implement and maintain advanced network security controls, including VPC Service Controls and hierarchical policies.
Develop and tune detection rules for Network Security Services, partnering with SIEM owner; support threat hunting and incident investigations
Implement and enforce security controls for Kubernetes clusters (EKS, GKE, or self-managed), including cluster hardening, admission controls, and network policies.
Drive system hardening across container layers: secure base images, runtime protection (e.g., CrowdStrike), image signing/verification, and vulnerability management.
Integrate container security scanning (image vulnerability, misconfiguration, SBOM) into build pipelines; enforce runtime protections and least-privilege for workloads.
Develop and automate guardrails for Kubernetes configurations using tools like Crowdstrike, OPA/Gatekeeper or Kyverno to prevent insecure deployments.
Enforce a strict "zero-secrets-in-code" policy through pre-merge blocking using tools like GitGuardian, TruffleHog, or Gitleaks.
Lead the migration of legacy secrets to centralized stores such as HashiCorp Vault, AWS Secrets Manager, or Sealed Secrets.
Standardize SBOM (Software Bill of Materials) generation for all internal and third-party software artifacts.
Implement the SLSA framework (or similar) to ensure the integrity of build pipelines and artifact provenance.
Deploy artifact signing and verification using Sigstore/Cosign (or similar) to ensure only trusted code runs in production.
Govern dependency usage to proactively block compromised or "typosquatted" packages from entering the ecosystem.
Standardize the creation of "Golden Images" (AMIs/Base Images) based on CIS Benchmarks for all compute resources.
Eliminate configuration drift by implementing automated remediation workflows for non-compliant hosts.
Deploy and manage host-based security telemetry (CrowdStrike Falcon) across the entire fleet.
Scale immutable infrastructure patterns that remove the need for manual system patching.
Translate architectural designs into production-ready deployments using Terraform, automation, and repeatable processes.
Lead deployment and management of CrowdStrike Falcon Complete (CSPM/CNAPP) for posture management, misconfiguration remediation, and drift detection.
Enforce cloud governance standards through automated baselines, templates, and least-privilege controls across all accounts.
Prototype and validate new controls or tools to accelerate organizational rollout.
Deploy Just-In-Time (JIT) identity systems and enforce the principle of least privilege.
Accomplish task-based, short-lived access, eliminating the need for standing privileges.
Experience enforcing Principle of Least Privilege (PoLP) on non-human identities (NHI).

Benefits

Our Utah office features onsite perks such as company-paid meals, massage therapists, a sports simulator, gym, mother’s lounge, and meditation room and meaningful interactions with amazing people.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume