Who you are

• 5–7+ years of experience as a Security Engineer or Software Engineer with a strong security focus
• Proven experience building and operating production-grade software, systems, or internal tooling
• Strong background in application security, infrastructure security, and secure CI/CD practices
• Hands-on experience with identity and access management, including authentication systems, authorization frameworks, and machine-to-machine security patterns
• Experience applying security frameworks such as OWASP, NIST, or CIS Controls in real-world production environments
• Familiarity with cloud security tooling (AWS Security Hub, Azure Security Center, or GCP Security Command Center), SIEM/SOAR tools, and Infrastructure-as-Code security scanning (Terraform, CloudFormation)
• Experience supporting compliance frameworks such as SOC 2 and ISO 27001
• Familiarity with modern backend systems (including C#) and cloud-native architectures
• Demonstrated ability to collaborate cross-functionally and influence engineering teams to improve security outcomes
• Strong communication skills with the ability to translate complex security concepts into clear, actionable guidance
• Driven by Impact: You deliver results that matter—prioritizing high-value work, meeting deadlines, and adapting quickly while keeping outcomes clear
• Strategic & Customer-Centric: You anticipate risks and opportunities, connect decisions to long-term growth, and build trust through proactive insights
• Curious & Growth-Oriented: You seek knowledge, ask sharp questions, and apply learnings fast—challenging the status quo with a mindset of improvement
• Collaborative & Resilient: You thrive in change by staying resourceful, solution-focused, and positive—removing roadblocks, sharing insights, and keeping morale high
• Accountable & Honest: You own your work, hold yourself and others to a high bar, and use transparent feedback to drive growth
• Emotionally Intelligent: You build trust through empathy and collaboration, foster inclusion, and inspire others with grit, optimism, and integrity
• Experience designing or migrating identity architecture at scale
• Experience building internal developer security tooling
• Experience working in a high-growth technology environment

What the job involves

• As a Senior Security Engineer at Later, you will play a critical role in strengthening and scaling the security foundations that power our platform
• This role blends deep security expertise with hands-on engineering, with a particular focus on identity and access management, authentication systems, and secure-by-design development practices
• You’ll partner closely with Engineering, Infrastructure, and Product teams to embed security into our CI/CD pipelines, internal platforms, and customer-facing systems—enabling teams to move quickly while keeping our systems, data, and users safe
• This is a high-impact individual contributor role for someone who thinks like a defender, builds like a software engineer, and leads through influence
• Assess and continuously improve Later’s security posture across applications, infrastructure, and development workflows
• Define and implement scalable security standards, guardrails, and best practices that support compliance through automated and auditable solutions
• Partner with Engineering and Product leadership to align security priorities with business objectives and delivery timelines
• Emerging risks and proactively design systems and processes that reduce long-term exposure
• Own identity and access management across Later’s platform, including authentication, authorization, and secure machine-to-machine (M2M) processes
• Design, implement, and maintain secure authentication systems for both internal tools and customer-facing experiences
• Harden login systems, establish consistent authentication patterns across services, and ensure secure integration between tools
• Build and maintain internal security tooling to support secure development, operational visibility, and compliance workflows
• Embed security controls into CI/CD pipelines, including SAST, DAST, SCA, container scanning, secret management, and secure build/deploy practices
• Partner with engineering teams to identify vulnerabilities, clearly communicate risk and impact, and drive effective remediation
• Provide pragmatic, solution-oriented security guidance during system design and architecture reviews
• Collaborate cross-functionally to embed security into development workflows without slowing delivery
• Translate complex security concepts into clear, actionable recommendations for both technical and non-technical stakeholders
• Act as a trusted partner to engineering teams, balancing risk mitigation with business enablement
• Lead by influence—raising the security bar through standards, tooling, and mentorship
• Set a high standard for secure engineering practices and help others level up their security mindset
• Model accountability, ownership, and transparency in security decisions
• Research/Best Practices
• Stay current on application security, cloud security, and identity best practices
• Apply industry frameworks (e.g., OWASP, NIST, CIS Controls) pragmatically within production environments
• Continuously evaluate and improve identity architecture and security automation to scale with the business
• What success looks like:
• Identity and access management is secure, scalable, and consistently implemented across the platform
• Security controls are embedded into CI/CD pipelines, reducing manual effort and improving detection and prevention
• Engineering teams proactively consider security in their designs and view security as an enabler—not a blocker
• Vulnerabilities are identified early, clearly prioritized, and remediated efficiently
• Compliance frameworks (e.g., SOC 2, ISO 27001) are supported through automation and well-defined processes
• Later’s overall security posture measurably improves while maintaining speed of product delivery

Benefits

• Learning & development opportunities
• Market competitive compensation
• Hybrid work environment
• Flexible paid time off
• Competitive healthcare benefits