xelys jobs

Senior Security Engineer

Loancrate

full-remote, senior, cdi, security | Remote | 13 days ago via RemoteOK


Tech Stack

AWS, CI/CD, SAST, DAST, CloudTrail, GuardDuty, Security Hub, KMS, AWS Secrets Manager

About the role

Role Overview

Senior Security Engineer (Individual Contributor) at Loancrate, a remote-first fintech company. You'll make Loancrate more secure without impeding engineering velocity. Security is an enabler here, not a gatekeeper—you'll build systems, guardrails, and tooling that catch issues early and make secure defaults easy.

Key Responsibilities

  • Security Posture: Lead and drive security across application security, cloud security, identity, and compliance in partnership with engineering and leadership
  • Threat Modeling & Assessments: Perform regular threat modeling, vulnerability assessments, and penetration testing; work directly with engineering to remediate findings quickly
  • Security Tooling & Automation: Build and maintain SAST/DAST, dependency scanning, container scanning, SBOM management, and secret detection integrated into CI/CD
  • AWS Infrastructure Hardening: IAM least-privilege policies, VPC boundaries, secrets management, audit logging, GuardDuty, Security Hub, KMS key management, and DDoS protection
  • SOC 2 Type II Compliance: Design practical controls, automate evidence collection, manage auditor relationships, and drive continuous improvement
  • Incident Response: Lead or coordinate security incident response, including runbooks, postmortems, and stakeholder communication

Expected First-Month Contributions

  • Comprehensive threat model of application and infrastructure layers with remediation roadmap
  • AWS infrastructure hardening while keeping developer workflows frictionless
  • Security tooling integration into CI/CD pipeline
  • SOC 2 Type II posture work (evidence collection, control design, vendor risk)
  • Secure-by-default patterns and libraries (authentication/authorization helpers, input validation, secure logging)

Requirements

  • Experience in fintech or other regulated industries
  • Deep expertise in application security, cloud infrastructure security, and compliance
  • Hands-on coding ability; you'll write code and ship tooling, not just policies
  • Experience with AWS security best practices
  • CI/CD security integration and tooling
  • Comfort diving deep quickly in complex environments

Nice-to-Haves

  • SOC 2 Type II audit experience
  • Threat modeling expertise
  • Experience building secure patterns and shared libraries for engineering teams

About Loancrate

Loancrate is a fintech company building AI-native tooling to automate mortgage workflows and simplify home-buying for lenders and borrowers. Since 2020, they've helped customers process over $85 billion in new home loans and aim to save the industry billions in operating expenses through fully automated loan origination.

Scraped 3/28/2026
