About the Role
You'll lead how the company thinks about code and operational security as it scales. You'll help design the systems, practices, and safeguards that enable growth without compromising trust. You'll own the security posture across application, infrastructure, and operational security, conduct code reviews, threat modeling, and penetration testing, and design security controls and incident response processes appropriate for a regulated payments environment. You'll also build internal security tooling, hire and manage specialist contractors or future security hires, and work closely with engineering to embed security into the development lifecycle from the start.
Requirements
- 5+ years of experience in security engineering, with meaningful time at a payments company, bank, or other regulated financial institution
- Experience with cloud environments (GCP) and infrastructure as code providers (Terraform)
- Breadth across both application/code security and operational security
- Ability to write production code, not just review it
- Experience building security programs at early-stage or high-growth companies, ideally from scratch
- Familiarity with compliance frameworks relevant to payments and banking (SOC 2, PCI-DSS, state money transmission, etc.)
- Based in New York City (or willing to relocate)
Responsibilities
- Own security posture across application security, infrastructure security, and operational security
- Conduct code reviews, threat modeling, and penetration testing to identify and remediate vulnerabilities
- Design and implement security controls, monitoring, and incident response processes appropriate for a regulated payments environment
- Establish security policies, procedures, and compliance frameworks (SOC 2, PCI-DSS, etc.) as the company scales
- Hire, manage, and supervise specialist contractors or future security hires as the team grows
- Ship internal security tooling and features
- Work closely with engineering to embed security into the development lifecycle from the start
Benefits
- Equity compensation
- Comprehensive insurance (medical/dental/vision)
- Unlimited vacation
- Periodic off-sites