Lead product security for a fintech credit card infrastructure platform. Own API security, auth strategy, fraud primitives, secure SDLC, and compliance for partner-facing services. Hands-on engineering role reporting to Head of Engineering.
190k – 260k
On-site7+ YOESecurity Engineering
About the role
Responsibilities
Own the security model for our partner-facing APIs: authentication, authorization, tenant isolation, abuse prevention, signing, and audit logging.
Drive a coherent auth strategy across services and surfaces, including step-up auth for sensitive actions and a strong-auth roadmap (passkeys and beyond).
Build the device telemetry, behavioral signals, and velocity primitives that fraud and risk functions depend on.
Be the secure-by-design partner with Engineering — sit in on architecture reviews before features ship, write the threat models, own the tradeoffs.
Own secure SDLC: SAST/DAST, dependency scanning, secret detection, and the security tooling engineers interact with daily.
Coordinate with our infrastructure team to improve our security posture across the stack: from infrastructure, to supply chain, to first-party applications, to third-party dependencies and SaaS platforms.
Be the technical authority on sensitive payment data. Keep the footprint small and well-defined as the platform grows.
Lead incident response on security events (containment, forensics, comms, blameless postmortems) and drive vulnerability remediation across services.
Own the relationship with our external security architecture partner: set priorities, scope engagements, integrate findings into our roadmap.
Serve as the technical counterpart to ensure compliance, translating SOC 2, PCI DSS, and other security frameworks into scalable engineering solutions and ensuring in-product controls are effective in practice.
Requirements
Strong programming skills in Java, Python, or a comparable language — you write production code.
Experience designing or operating secure platform / B2B APIs at scale, especially in multi-tenant environments.
Background in anti-ATO, anti-fraud, or authentication systems at scale (consumer fintech, marketplace, or large consumer platform).
Working knowledge of AWS: IAM, KMS, networking, service-to-service auth.
Comfort with modern AI tooling (Claude, Copilot, and similar) as a daily force multiplier across code review, threat modeling, detection engineering, and security tooling.
Excellent written communication. You'll write threat models, postmortems, and partner-facing security responses.
Comfortable owning the security function in-house while leveraging external specialists as a force multiplier.
Nice to Have
Fintech, payments, or other regulated environment experience.
Threat modeling methodology background (STRIDE, attack trees, or your own).
Experience working alongside or building for a risk / fraud operations team.
Experience operating a bug bounty or vulnerability disclosure program.
Senior individual contributor responsible for strengthening Apollo's secure software development lifecycle, performing application security reviews, threat modeling, vulnerability management, and AI security for product, platform, and AI-powered features.
190k – 273k
Remote5+ YOESecurity Engineering
Senior Software Engineer - Security
SkydioSan Mateo, CA
Designs, reviews, and builds security systems for multi-tenant cloud and corporate environments, including architecture guidance, internal tooling like WAF and vuln management, and compliance controls. Requires 5+ years in cloud security, AWS expertise, and strong Python/Go coding skills.
Senior Security Engineer drives security solutions for Sentry's cloud-based application and Kubernetes platform, partnering with engineering on architecture, threat modeling, and implementations. Requires 6+ years experience securing distributed systems, cloud/container environments, and programming in Python/Go/Rust.
190k – 280k
Hybrid6+ YOESecurity Engineering
Senior Software Engineer, Anti-Abuse & Security
ReplitFoster City, CA
Builds AI-powered anti-abuse detection systems using LLMs to combat phishing, cryptomining, and platform exploitation at scale. Requires 4+ years in security engineering with Python/TypeScript and data analysis experience.
190k – 240k
Hybrid4+ YOESecurity Engineering
Senior Infrastructure Security Engineer
DropboxUnited States
Senior security engineer focused on securing AI/agentic infrastructure, LLM/RAG systems, identity for non-human workloads, and cloud/K8s platforms. Requires 9+ years experience and strong scripting skills.