Who you are

• Experience leading security engineering teams with a strong focus on Application Security and DevSecOps, and exposure to infrastructure and operational security
• Strong technical depth in AWS security, IAM, network design, CI/CD hardening, and cloud-native architectures
• Hands-on experience with infrastructure-as-code, cloud posture tooling, and vulnerability management workflows
• Deep understanding of secure software development practices and common application-layer risks (e.g., OWASP Top 10)
• Familiarity with PCI DSS 4.0, SOC 2, and automating evidence or control enforcement
• Experience with identity platforms such as Auth0, Okta, and OIDC
• Proficiency in scripting (Python preferred) for automation, metrics, and integrations
• Excellent communication and stakeholder management skills
• Experience in fintech, payments, or other correctness-critical domains is strongly preferred but not required
• You’ll Be Great in This Role If You:
• Take ownership and enjoy building systems, teams, and scalable processes from the ground up
• Communicate complex security concepts clearly and pragmatically
• Balance deep technical execution with strategic thinking
• Are comfortable operating in ambiguity and evolving environments
• Enjoy coaching and elevating engineers
• Prioritize ruthlessly and execute with focus
• Use automation wherever possible to reduce manual work
• At Float, you’ll thrive if you’re bold, curious, and eager to make a real impact. We're building something special—and having a lot of fun along the way. If you’re excited to build, grow, and win together, we’d love to meet you

What the job involves

• Security is foundational to earning and keeping customer trust
• As the Security Engineering Manager, you will lead Float’s security engineering function with a primary focus on Application Security and DevSecOps, while partnering closely with Infrastructure, IT, and Operations teams on broader security outcomes
• You will guide a technical, high-impact team that enables Float to ship new financial features quickly, safely, and with confidence by embedding secure-by-default practices into engineering workflows
• This role blends people leadership, hands-on security engineering, and architectural decision-making in a fast-moving fintech environment
• This is a hands-on role
• You should expect to spend approximately 60% of your time on direct technical contribution, especially as the security function continues to mature, with the remaining time focused on coaching, strategy, and cross-functional leadership
• Leadership & Strategy
• Build, mentor, and lead a high-performing security engineering team with a strong emphasis on Application Security and DevSecOps
• Develop and execute the security engineering roadmap, balancing long-term architecture with near-term delivery needs
• Partner with engineering and product leadership to ensure security is integrated into planning, design, and execution
• Security Engineering Responsibilities
• As the Security Engineering Manager, you will drive and mature Float’s application and cloud security posture, with a strong emphasis on secure SDLC and CI/CD practices, while collaborating closely across infrastructure and operational security
• Own and enhance CI/CD and developer-workflow security, including OIDC signing, pipeline hardening, artifact integrity, secret distribution, and container security
• Define secure architecture patterns and baseline configurations for cloud services, backend systems, and infrastructure-as-code (Terraform)
• Build scalable, measurable controls that enforce least privilege and prevent misconfigurations
• Embed secure SDLC practices across engineering through automated code scanning, dependency scanning, secrets management, and threat modeling
• Develop secure patterns for authentication, authorization, API design, and sensitive data handling
• Support engineers in evaluating high-risk features and designing effective mitigation strategies
• Partner with Infrastructure and Operations teams to mature detection and response capabilities, including alerting, logging, tuning, and automation
• Lead incident response readiness through simulations, playbooks, and post-incident improvements
• Automate vulnerability management, cloud posture monitoring, and compliance evidence collection for SOC 2 and PCI DSS 4.0
• Partner with IT to maintain strong endpoint, identity, and device-trust baselines across the organization
• Support third-party risk management efforts as they relate to application and platform security
• You’ll lead with empathy, clarity, and ownership—core to how we operate at Float. You’ll foster a culture where security engineers feel empowered to make decisions, challenge assumptions, and take pride in their impact
• Most importantly, you’ll ensure security is viewed not as a gate, but as an enabler—helping teams move fast while managing risk intelligently

Benefits

• Competitive coverage of medical, dental and vision insurance for employees
• Education & learning stipend for personal growth and development
• Flexible vacation time
• Work from home stipend to help you succeed in a remote environment