Security Engineer
Coinflow
$145,000 – $195,000 USD
Office / on-site
mid
13 days ago
fintech, tech, SIEM, SecOps, TypeScript, Node, Rust, Go, Python, vulnerability management, AI-native tooling
Description
What You'll Own
- **SIEM & SecOps Dashboard**: Stand up and operate our SIEM. Build out the SecOps dashboard that gives engineering, compliance, and leadership a real-time picture of our security posture — alerts, anomalies, auth events, infrastructure changes, and audit-ready evidence in one place.
- **Internal Penetration Testing**: Run continuous internal pentests against Coinflow services, APIs, infrastructure, and embedded SDKs. Use Claude Security and Claude Code to scale your coverage — automate reconnaissance, fuzzing, code review, and exploit development. Document findings, drive remediation, and measure mean-time-to-fix.
- **Vulnerability & Dependency Management**: Own the vulnerability lifecycle end-to-end. Triage CVEs across our npm, cargo, and other ecosystems. Build the automation that keeps packages patched without breaking production — including Dependabot tuning, lockfile hygiene, and gated auto-merge for low-risk upgrades.
- **Secure Development Lifecycle**: Monitor and improve how we ship code. Define secure-by-default patterns for new services, review threat models for high-risk changes, integrate SAST/DAST/secret scanning into CI, and make the secure path the fast path for engineers.
- **Compliance Partnership**: Work alongside our compliance function to produce the evidence, controls, and monitoring artifacts that PCI DSS, SOC 2, ISO 27001, and DORA auditors need — without turning engineering into a paperwork shop.
What We Offer
- The base salary range for this role is $145,000 to $195,000 USD. The actual base salary offered depends on a variety of factors, including but not limited to experience, education, skills, qualifications and business needs.
- Eligible for an equity grant, allowing you to share in the long-term success of the company.
- Access to a wide array of benefits, including health and wellness benefits, 401(k) savings plan, and flexible time off.
Requirements
What We're Looking For
- 4+ years in a security engineering, product security, or DevSecOps role, ideally at a fintech, payments company, or other regulated environment.
- Strong hands-on offensive skills — you've broken real systems, not just run scanners. Comfortable with web app, API, cloud, and infrastructure pentesting.
- Production experience operating a SIEM (Datadog, Splunk, Elastic, Panther, or similar) and building dashboards that engineers actually use.
- Fluency in TypeScript/Node and at least passing comfort with Rust, Go, or Python — enough to read our code, find bugs in it, and write the tooling to find more.
- Experience with vulnerability management at scale: CVE triage, SCA tooling, dependency upgrade automation.
- Comfort working with AI-native tooling (Claude Code, Claude Security, or similar) as a daily driver — or genuine excitement to start.
- A bias toward shipping. We'd rather have a working v1 of a control today than a perfect v3 next quarter.