Senior Security Engineer - Automation (Fintech)
Job description
TL;DR
Senior Security Engineer - Automation (Fintech): The role focuses on embedding security seamlessly into the Software Development Lifecycle (SDLC), with an emphasis on building, integrating, and optimizing security automation pipelines. It also covers championing and managing the vulnerability management program, ensuring vulnerabilities are identified, prioritized, tracked, and remediated efficiently.
Location: New York - Hybrid / United States (East Coast Time Zone) - Remote
Salary: $209.66 - $220.70 a year
Company
is a unified payments platform for digital currency, making it as easy as sending an email for anyone, anywhere, to buy, sell, swap and pay in digital currencies.
What you will do
- Design, implement, and manage the integration of security tooling (SAST, DAST, SCA, Secrets Scanning) into CI/CD pipelines.
- Develop and maintain automation scripts and platforms to streamline security processes and workflows.
- Own and operate the end-to-end vulnerability management lifecycle: identification, triage, prioritization, distribution, tracking, and reporting.
- Collaborate closely with engineering teams to ensure timely remediation of identified vulnerabilities and provide guidance on secure coding practices.
- Drive the adoption and implementation of the SLSA framework to enhance supply chain security.
- Champion and execute the security team's automation strategy for cross-functional needs, actively seeking and implementing automation opportunities based on team feedback.
Requirements
- Solid background in software development with demonstrable experience, ideally using languages common in backend or infrastructure development (e.g., Go, Python, Node.js).
- Strong passion for cybersecurity; you have transitioned to, or are keen to focus your career on, security automation and vulnerability management.
- Understanding of security tools such as SAST, DAST, SCA, and secrets scanning solutions within a CI/CD environment (here at we use GitHub).
- Understand the principles of vulnerability management, including prioritization frameworks (e.g., CVSS) and remediation tracking.
- Familiar with the concepts and goals of the SLSA framework or similar supply chain security initiatives.
- Must be based in the United States (East Coast Time Zone)
Nice to have
- Experience working in disruptive technology, FinTech, SaaS, or Crypto sectors is a plus.
- Familiarity with cloud security principles (AWS, GCP) is beneficial.
- Possess a deep understanding of GitHub's functionalities, including advanced features, security settings, and API capabilities.
- Demonstrate strong administrative skills in managing and maintaining GitHub Enterprise environments, including user access, repository management, and organization settings.
- Familiarity with GitHub Actions for workflow automation and security enforcement.
Culture & Benefits
- Competitive salary package & Equity package.
- Unlimited holidays and hybrid working schedule.
- Private Healthcare benefits and enhanced parental leave.
- Annual training budget and home office setup allowance.
- Remote working allowance and monthly budget to spend on our products and zero fee crypto transactions.
- Regular remote company offsites.