Company hidden
15 hours ago

Senior Application Security Engineer (Fintech)

Work format
remote (Mexico only)/hybrid
Employment type
fulltime
Grade
senior
English
b2
Country
US/Mexico/Colombia +1 more

Job description

TL;DR

Senior Application Security Engineer (Fintech/Python): Building and scaling security controls within the software development lifecycle for an AI-powered remittance platform, with an emphasis on CI/CD automation and vulnerability management. Focus on integrating SAST/SCA tools, performing threat modeling, and ensuring compliance with SOC 2 and PCI DSS standards.

Location: Remote, with hybrid options available in Miami and Mexico City

Company

hirify.global is a hyper-growth Series B fintech company building an AI-powered financial ecosystem for Latin immigrants in the U.S.

What you will do

  • Design and implement security controls within GitHub Actions CI/CD pipelines using SAST, SCA, and IaC scanning.
  • Own the vulnerability management program via DefectDojo, triaging findings and prioritizing remediation with engineering teams.
  • Conduct security architecture reviews and perform threat modeling for new product features.
  • Coordinate and manage internal and external penetration testing engagements.
  • Define and document security standards for source code and secrets management.
  • Partner with the GRC function to implement controls and gather evidence for SOC 2 and PCI compliance audits.

Requirements

  • Proven experience as an Application or Product Security Engineer.
  • Hands-on experience securing CI/CD pipelines, specifically with GitHub Actions.
  • Proficiency in Python and experience with security scanning tools (SAST, DAST, SCA).
  • Deep understanding of the OWASP Top 10 and secure architecture principles.
  • Experience with cloud-native environments, specifically GCP, Kubernetes (GKE), and Docker.
  • Experience in regulated industries (Fintech/Healthcare) and familiarity with SOC 2 and PCI DSS.

Nice to have

  • Experience with Infrastructure-as-Code tools like Terraform and security scanners such as Checkov.
  • Familiarity with vulnerability management platforms like DefectDojo.

Culture & Benefits

  • Competitive salary, annual performance bonus, and initial stock options grant.
  • Comprehensive health, dental, and vision plans.
  • Flexible remote work environment with hybrid office options.
  • Unlimited PTO and paid parental leave.
  • Continuous learning opportunities in a high-performance, entrepreneurial environment.
