# Security Engineer - Product

**Company:** [Cardless](https://hotfix.jobs/companies/cardless)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Salary:** $190k – $260k/yr
**Experience:** 7+ years
**Skills:** Java, Python, AWS, IAM, Kms, SAST, DAST, SOC 2, Pci Dss, Threat Modeling
**Posted:** 2026-06-24

> Lead product security for a fintech credit card infrastructure platform. Own API security, auth strategy, fraud primitives, secure SDLC, and compliance for partner-facing services. Hands-on engineering role reporting to Head of Engineering.

## Job Description

## Responsibilities
- Own the security model for our partner-facing APIs: authentication, authorization, tenant isolation, abuse prevention, signing, and audit logging.
- Drive a coherent auth strategy across services and surfaces, including step-up auth for sensitive actions and a strong-auth roadmap (passkeys and beyond).
- Build the device telemetry, behavioral signals, and velocity primitives that fraud and risk functions depend on.
- Be the secure-by-design partner with Engineering — sit in on architecture reviews before features ship, write the threat models, own the tradeoffs.
- Own secure SDLC: SAST/DAST, dependency scanning, secret detection, and the security tooling engineers interact with daily.
- Coordinate with our infrastructure team to improve our security posture across the stack: from infrastructure, to supply chain, to first-party applications, to third-party dependencies and SaaS platforms.
- Be the technical authority on sensitive payment data. Keep the footprint small and well-defined as the platform grows.
- Lead incident response on security events (containment, forensics, comms, blameless postmortems) and drive vulnerability remediation across services.
- Own the relationship with our external security architecture partner: set priorities, scope engagements, integrate findings into our roadmap.
- Serve as the technical counterpart to ensure compliance, translating SOC 2, PCI DSS, and other security frameworks into scalable engineering solutions and ensuring in-product controls are effective in practice.

## Requirements
- Strong programming skills in Java, Python, or a comparable language — you write production code.
- Experience designing or operating secure platform / B2B APIs at scale, especially in multi-tenant environments.
- Background in anti-ATO, anti-fraud, or authentication systems at scale (consumer fintech, marketplace, or large consumer platform).
- Working knowledge of AWS: IAM, KMS, networking, service-to-service auth.
- Comfort with modern AI tooling (Claude, Copilot, and similar) as a daily force multiplier across code review, threat modeling, detection engineering, and security tooling.
- Excellent written communication. You'll write threat models, postmortems, and partner-facing security responses.
- Comfortable owning the security function in-house while leveraging external specialists as a force multiplier.

## Nice to Have
- Fintech, payments, or other regulated environment experience.
- Threat modeling methodology background (STRIDE, attack trees, or your own).
- Experience working alongside or building for a risk / fraud operations team.
- Experience operating a bug bounty or vulnerability disclosure program.

## Similar roles

- [Senior Application Security Engineer](https://hotfix.jobs/jobs/45402dbe-ee8f-4a25-9817-c293c712505a) - Apollo - Remote - $190k – $273k/yr
- [Senior Software Engineer - Security](https://hotfix.jobs/jobs/e3185b76-5a92-4a24-956c-5a19fd20d75d) - Skydio - San Mateo, CA - $190k – $250k/yr
- [Senior Security Engineer, Application & Platform Security](https://hotfix.jobs/jobs/935a9604-4c7b-48d9-a08b-cb94b61fb298) - Sentry - San Francisco, CA - $190k – $280k/yr
- [Senior Software Engineer, Anti-Abuse & Security](https://hotfix.jobs/jobs/af883f53-3346-4cc3-827e-3e9664ff95c3) - Replit - Foster City, CA - $190k – $240k/yr
- [Senior Infrastructure Security Engineer](https://hotfix.jobs/jobs/f7e815e7-b9b7-4df4-a889-e6d7d1e91808) - Dropbox - Remote - $190k – $290k/yr

**Apply:** https://hotfix.jobs/jobs/3b4c4dd3-25b2-4d9b-8fb6-43a7a73dd2f8
**Canonical:** https://hotfix.jobs/jobs/3b4c4dd3-25b2-4d9b-8fb6-43a7a73dd2f8