Company hidden
7 hours ago

Senior Application Security Engineer (Fintech)

Work format
remote/hybrid
Employment type
fulltime
Grade
senior
English
b2
Country
US/Mexico
Vacancy from Hirify.Global, a list of international tech companies

Job description

TL;DR

Senior Application Security Engineer (Fintech): Scaling the security of a cloud-native fintech platform, with an emphasis on embedding security into CI/CD pipelines and developer workflows. Focus on building DevSecOps capabilities, automating vulnerability management, and ensuring secure coding practices for Python-based services.

Location: Remote, with hybrid options in Miami and Mexico City

Company

hirify.global is building a financial ecosystem for Latin immigrants in the U.S., utilizing AI, blockchain, and stablecoins to revolutionize cross-border remittances.

What you will do

  • Design, implement, and maintain security controls within GitHub Actions CI/CD pipelines using SAST, SCA, IaC scanning, and secret detection.
  • Lead the vulnerability management program using platforms like DefectDojo, triaging findings and prioritizing remediation.
  • Act as a security SME for product engineering, conducting security architecture reviews and threat modeling for new features.
  • Coordinate and manage internal and external penetration testing engagements.
  • Define and document foundational security standards for source code, secrets management, and CI/CD processes.
  • Partner with the GRC function to support SOC 2 and PCI compliance audits.

Requirements

  • Proven experience as an Application Security Engineer or Product Security Engineer.
  • Hands-on experience securing CI/CD pipelines, preferably with GitHub Actions.
  • Strong proficiency in Python and experience with security scanning tools (SAST, DAST, SCA).
  • Deep understanding of the OWASP Top 10 and secure architecture principles.
  • Experience with cloud-native technologies including GCP, Kubernetes (GKE), and Docker.
  • Experience in regulated industries (Fintech, Healthcare) and familiarity with SOC 2 and PCI DSS.

Nice to have

  • Experience with Infrastructure-as-Code tools like Terraform and security scanners such as Checkov.

Culture & Benefits

  • Competitive salary, annual performance bonus, and initial stock options grant.
  • Comprehensive health, dental, and vision plans.
  • Remote work environment with unlimited PTO and paid parental leave.
  • Continuous learning opportunities in a hyper-growth Series B startup environment.
