Role Overview
This position is responsible for overseeing the complete application security lifecycle across all company products. The engineer will ensure customer data remains protected by enforcing strong security practices and maintaining compliance with SOC 2 and PCI standards. Close coordination with engineering and product teams is essential to identify, assess, and resolve security risks throughout development.
Key Responsibilities
- Lead end-to-end application security initiatives for all product offerings
- Execute and manage vulnerability detection, triage, and remediation using tools such as GitLab SAST
- Collaborate with development teams to address high-priority security findings
- Conduct third-party vendor security evaluations and risk analyses
- Support compliance frameworks including SOC 2 and PCI, contributing to audits and evidence collection
- Identify threats at the application layer and propose effective countermeasures
- Integrate secure-by-design principles into development workflows
- Track and respond to evolving application threats with appropriate safeguards
Required Qualifications
- Demonstrated background in application or product security engineering
- Hands-on experience with GitLab SAST or similar application scanning technologies
- Familiarity with vulnerability management systems and remediation processes
- Understanding of secure coding practices and common software vulnerabilities
- Proven experience in SOC 2 or PCI compliance environments
- Ability to work cross-functionally with engineering teams to implement security improvements
- Strong analytical, communication, and risk-prioritization skills
Preferred Qualifications
- Experience conducting third-party security assessments
- Knowledge of cloud-native architectures
- Background in fintech or other regulated sectors handling sensitive data
- Relevant certifications such as CISSP, CSSLP, or GWAPT, or equivalent practical experience
Technical Environment
GitLab SAST, other SAST tools, and vulnerability management platforms are used to support security testing and remediation.
Work Mode
This role operates in a hybrid model with flexibility for remote work and adaptable scheduling.
Company Culture
The organization values diversity and is dedicated to building an inclusive workplace. Emphasis is placed on recruiting and supporting a broad range of talent. The team embraces a builder mindset, focused on empowering customers to achieve financial goals. Integrity and ethical decision-making guide daily actions.
Compensation & Benefits
Annual salary ranges from $100,000 to $148,000, with additional compensation through stock options and performance-based bonuses. Benefits include comprehensive health, vision, and dental coverage, flexible vacation, educational support, gym membership, paid parental leave, and regular team events. The work environment supports flexibility with remote options and a casual atmosphere.