Senior Security Engineer
Skills
Secrets Scanning, Secret Management, PAM, Secure Code Review, Software Supply Chain, SOC 2, Key Management, Incident Response, Authentication, Access Control, Logging, Alerting, GitHub Actions, Vercel, Monitoring, DORA, AWS, CI/CD, GCP, Vulnerability Management, IAM, Compliance, GitHub Copilot, Claude, AI-Assisted Tools, Cloud Security, Payment, Secrets Management, MiCA, Privileged Access, Service Account, Credential Rotation, Auditing, API Security
About the Role
You will own and operate day-to-day security for cloud infrastructure and applications. You will design, maintain, and monitor security controls, secure CI/CD and software supply chain, perform secure code reviews, manage access and credential rotation, drive vulnerability remediation, and support incident response and audit evidence collection.
Requirements
- 4-8 years of experience as a security engineer
- 3+ years hands-on experience securing AWS environments including IAM, Security Hub, CloudTrail, GuardDuty, and KMS
- Strong understanding of CI/CD security including GitHub Actions, secrets scanning, and dependency management
- Experience with secure code review or application security fundamentals
- Experience working with at least one compliance framework, preferably SOC 2
- Highly organized with strong attention to detail
- Comfort operating in a fast-paced startup environment and communicating security concepts to non-technical stakeholders
- Experience using AI-assisted tools such as Claude or GitHub Copilot
- Ability to work flexible hours if an incident arises
- Nice to have: fintech or payments experience
- Nice to have: exposure to DORA or MiCA compliance requirements
- Nice to have: familiarity with crypto or blockchain security considerations
Responsibilities
- Own and operate cloud security across AWS and other cloud environments
- Design, maintain, and monitor engineering security controls including IAM, logging, monitoring, and key management
- Secure CI/CD pipelines, GitHub Actions environments, secrets management, and software supply chain
- Manage security-related access controls, privileged access, service accounts, and credential rotation
- Perform secure code reviews and provide application security support
- Review authentication flows, payment logic, and API security and partner with engineers on remediation
- Coordinate external security reviews with third-party auditor firms
- Own vulnerability management workflows including prioritization, remediation tracking, and verification
- Support incident response through triage, investigation, and remediation
- Collect evidence and document controls to support SOC 2 and other compliance audits
Benefits
- Extensive access to leading AI tools and subscriptions
- Stock options program
- Two performance reviews annually
- Unlimited flexible PTO
- Flexible work schedule
- Company laptop and allowance for home equipment
- Daily stipend for commuting to the office
- Company-paid trips for annual off-sites and onsites
- Insurance covered by Crossmint
- 401(k) Plan
