Who you are

• You’re an experienced application Security Engineer with the technical depth and breadth to raise our security org to the next level. You thrive in fast, remote, ambiguous, high-initiative, high-ownership environments.
• You're interested in both defining strategy and executing on it. You’re capable of diving deep into architecture, code, and infrastructure to drive meaningful improvements.
• You’ve led or mentored other engineers and are comfortable being the company’s authority on technical security decisions. You communicate clearly, collaborate across teams, influence across functions, and have high standards for technical excellence
• 8+ years experience in hands-on, senior, and highly autonomous security roles embedded in an engineering or software development related department
• Hands-on experience securing web applications, designing secure solutions, and providing meaningful security feedback to engineering design documentation and code reviews
• Have contributed meaningfully to company-level security strategy and owned security programs end-to-end (e.g., SDLC security, vulnerability management, threat modeling)
• Desire to directly manage and mentor a small group (1-3) of security software engineers
• Have played a significant role in hiring for security professionals
• Strong written and verbal communication skills
• Experience working with functional leaders, product management, engineers, IT, and non-technical business staff
• Independently executed on a broad range of security initiatives spanning infrastructure security, application security, and automating business controls
• Bug Bounty or other Red-Team vulnerability hunting finds
• Recently worked at a fast-paced startup, scaleup, or B2C app-first company
• Deep familiarity with Datadog APM or other application insight tools
• Experience with our specific stack: AWS, Kubernetes, Python + FastAPI, React, Postgres, Kafka, Redis
• Experience with the fintech industry and its specific threats and regulations
• Experience acting as a thought leader regarding common IT Security concepts such as endpoint protection, SIEM best practices, and insider threat detection/prevention

What the job involves

• We're looking for a Staff level Security Engineer to join our Security & Privacy team. You'll act as a company-wide subject matter expert and key advocate for the security of our product. Along with executing individually, you'll directly manage and mentor a small group of engineers.
• You'll operate within an Agile team, collaborate with engineering and IT leadership to influence strategy, and be directly accountable for meaningfully improving the security of our product. You’ll operate with significant autonomy when setting direction and executing on work.
• You'll act as a technical mentor across the engineering organization to advance the company's security skills. This role is primarily a mix of strategic and hands-on work, with some people management responsibility, and reports to the Senior Director of Infrastructure within the Engineering department, and collaborates closely with the Head of IT
• Driving accountability and ownership of application security concerns company-wide, ensuring the resolution of findings, and meeting strategic objectives
• Directly manage 1-2 software security engineers including security interns
• Identify, scope, prioritize, and often individually execute on high-impact security work. Mentor and unblock members of your team and core product software engineers outside the team
• Architect complex security solutions and contribute to our long term security roadmap
• Deliver continuous business value through AppSec, DevSecOps and other security project work. This includes coding, deployment, incident response, evangelization, and long term adoption
• Act as a trusted point of contact for security questions and issues, owning the process of responding to and ensuring the remediation of security-related inquiries and incidents
• Monitor industry trends and major security developments, ensuring we're quick to respond
• We use a state of the art architecture powered by Node and Python microservices and React frontend
• We use Postgres for storage, Redis for caching, and Snowflake for our data warehouse
• We use Gitlab for version control and CI/CD, and our infrastructure is hosted on AWS, making use of Kubernetes, RDS, etc
• We invest heavily in monitoring and automated alerting using Datadog
• We use Amplitude, Hotjar, and LogRocket for client-side metrics and experimentation
• We use Material-UI and maintain our own component library, using Figma for mock-ups
• We integrate with a multitude of third-parties to support our compliance, risk, and security policies

Benefits

• Competitive base salary
• 2x/year performance reviews
• RRSP and 401k
• Generous equity options
• $1,200 annual learning & development allowance
• Unlimited PTO (really!)
• Recharge days throughout the year
• Parental leave + top-up program
• Annual $200 travel allowance
• Employee-exclusive discounts
• Health, dental, and vision insurance on day one
• $360 annual wellness allowance
• Employee assistance programs
• $500 WFH allowance (one-time)
• Free food Fridays!