Security Engineer Overview Thunes Financial Services is hiring a Security Engineer to be the architect of trust for our fintech platform. We are looking for a hybrid specialist who can bridge the gap between Infrastructure Security and Application Security, ensuring our systems are as resilient as they are compliant. This role will play a critical part in maintaining our regulatory compliance posture while building automated, scalable security guardrails. This role reports to the VP of Engineering.
The Role As a Security Engineer, you will be responsible for security across the full lifecycle of our fintech platform. This hybrid specialist role requires deep engagement with both infrastructure and application security, focusing heavily on automation and regulatory compliance within a high-stakes, regulated environment.
Day-to-day: - CI/CD Security Integration: Design, build, and maintain automation to integrate security testing (SAST/DAST/SCA) directly into our deployment pipelines. You'll ensure that security is a "paved road" for developers, not a bottleneck.
- Full-Stack Security: Own security across the lifecycle-from securing our cloud infrastructure (AWS/Google Cloud Platform) to performing code reviews and architectural risk assessments.
- Vulnerability Management: Manage our detection stack using modern vulnerability scanning and dependency management tools to identify, prioritize, and track risks across the environment.
- Security Automation: Build and maintain automated workflows for vulnerability reporting, triage, and remediation. We want someone who leverages AI-powered agentic coding tools or similar automation to eliminate manual toil and accelerate response times.
- Compliance Engineering: Monitor our technical security controls to ensure that they are operating effectively throughout the year to meet the rigorous cybersecurity compliance requirements to support regulatory exams as well as SOC-2 and PCI audits.
- Incident Response: Serve as a key member of our security response team, helping to investigate and mitigate potential threats.
Collaborate with: - Product, data engineering, front-end engineering, tech ops, compliance, and legal
Tech stack: Cloud (AWS/Google Cloud Platform, K8s), CI/CD tools (GitHub Actions, GitLab CI, or Jenkins), Python, Go, or Bash, SAST/DAST/SCA, enterprise vulnerability management platforms, automated dependency scanning solutions.
Success in this role means: - Ensuring systems are resilient and compliant.
- Maintaining our regulatory compliance posture.
- Building automated, scalable security guardrails.
- Having a direct impact on the security strategy.
Travel: - Some travel required for periodic team offsites.
Knowledge Required Qualifications A Bachelor's degree in Computer Science or a related field, but similar professional experience is equally valued.
Experience A proven track record of deep experience in both Infrastructure Security and Application Security is required.
Technical skills:
- Pipeline Proficiency: Hands-on experience building security guardrails within CI/CD tools (e.g., GitHub Actions, GitLab CI, or Jenkins).
- Hybrid Expertise: Deep experience in both Infrastructure Security (Cloud/K8s) and AppSec (OWASP Top 10, Secure SDLC).
- Tooling Experience: Proven proficiency with enterprise vulnerability management platforms and automated dependency scanning solutions.
- Automation Mindset: You don't just find bugs; you write code (Python, Go, or Bash) to handle them. Experience using AI-driven automation or agentic tools to streamline security workflows is required.
- Fintech Fluency: You understand the high-stakes nature of working in a regulated environment and can translate compliance requirements into technical reality.
Leadership and collaboration:
- Clear, effective communication of trade-offs to non-technical stakeholders
- History of collaboration with engineers and others
Nice to have but in no way required:
- Certifications such as CISSP
- Prior experience in startups, especially Fintech
Never miss an opportunity! Create an alert based on the job you applied for.
