Senior DevSecOps/Security Engineer

What project we have for you

Build and ship the best possible products accurately and on-time. Solve complex business problems and workflows with highly secure, scalable, and easy-to-use backend APIs and infrastructure. We run our services on Kubernetes using GCP (for now) and AWS (upcoming). We integrate with Stripe, Plaid, and others to make complicated financial transactions a breeze.

What you will do

• Manage and respond to customer RFPs, security questionnaires, and due diligence requests.
• Support internal audits and risk assessments across the organization.
• Lead SOC 2 Type II audit efforts (gap analysis, controls, evidence collection, auditor coordination).
• Drive readiness and implementation for ISO/IEC 27001 certification.
• Work closely with Engineering, Legal, DevOps, and DPO teams to embed security and compliance into operations.
• Partner with engineers to fix infra misconfigurations, strengthen app security, and ensure security-first CI/CD processes.

What you need for this

• Experience automating aspects of vulnerability management through scripting, APIs, and integration with CI/CD systems.
• Demonstrated ability to proactively improve and streamline existing processes and programs to drive continuous improvement.
• Strong understanding of application and cloud security principles, standard vulnerability classes (e.g., OWASP), secure development practices, and threat modeling.
• Proficiency with vulnerability scanning tools, dependency management, and code analysis.
• Knowledge of containerized environments (Docker, Kubernetes) and cloud platforms (AWS preferred).
• Ability to work cross-functionally with engineering, product, and operations teams to drive security initiatives forward.
• Excellent attention to detail with strong written, verbal, and interpersonal communication skills.

Skills

• GCP
• InformationSecurityManagement
• Kubernetes