Senior Security Engineer & Identity Engineer

About The Position

Requirements

• 5–7+ years of experience as a Security Engineer or Software Engineer with a strong security focus
• Proven experience building and operating production-grade software, systems, or internal tooling
• Strong background in application security, infrastructure security, and secure CI/CD practices
• Hands-on experience with identity and access management, including authentication systems, authorization frameworks, and machine-to-machine security patterns
• Experience applying security frameworks such as OWASP, NIST, or CIS Controls in real-world production environments
• Familiarity with cloud security tooling (AWS Security Hub, Azure Security Center, or GCP Security Command Center), SIEM/SOAR tools, and Infrastructure-as-Code security scanning (Terraform, CloudFormation)
• Experience supporting compliance frameworks such as SOC 2 and ISO 27001
• Familiarity with modern backend systems (including C#) and cloud-native architectures
• Demonstrated ability to collaborate cross-functionally and influence engineering teams to improve security outcomes
• Strong communication skills with the ability to translate complex security concepts into clear, actionable guidance

Nice To Haves

• Experience designing or migrating identity architecture at scale
• Experience building internal developer security tooling
• Experience working in a high-growth technology environment

Responsibilities

• Assess and continuously improve Later’s security posture across applications, infrastructure, and development workflows
• Define and implement scalable security standards, guardrails, and best practices that support compliance through automated and auditable solutions
• Partner with Engineering and Product leadership to align security priorities with business objectives and delivery timelines
• Own identity and access management across Later’s platform, including authentication, authorization, and secure machine-to-machine (M2M) processes
• Design, implement, and maintain secure authentication systems for both internal tools and customer-facing experiences
• Harden login systems, establish consistent authentication patterns across services, and ensure secure integration between tools
• Build and maintain internal security tooling to support secure development, operational visibility, and compliance workflows
• Embed security controls into CI/CD pipelines, including SAST, DAST, SCA, container scanning, secret management, and secure build/deploy practices
• Partner with engineering teams to identify vulnerabilities, clearly communicate risk and impact, and drive effective remediation
• Provide pragmatic, solution-oriented security guidance during system design and architecture reviews
• Collaborate cross-functionally to embed security into development workflows without slowing delivery
• Translate complex security concepts into clear, actionable recommendations for both technical and non-technical stakeholders
• Act as a trusted partner to engineering teams, balancing risk mitigation with business enablement
• Lead by influence—raising the security bar through standards, tooling, and mentorship
• Set a high standard for secure engineering practices and help others level up their security mindset
• Model accountability, ownership, and transparency in security decisions
• Stay current on application security, cloud security, and identity best practices
• Apply industry frameworks (e.g., OWASP, NIST, CIS Controls) pragmatically within production environments
• Continuously evaluate and improve identity architecture and security automation to scale with the business