Senior Security Engineer

<div class="content-intro"><p class="c-mrkdwn__pre" style="text-align: left;" data-stringify-type="pre">At Beyond Finance, we've made it our mission to help everyday Americans escape the endless cycle of crippling debt and step into a brighter financial future. Through compassionate, individualized care,<strong> </strong>a culture focused on compliance and ethics, supportive user-centric technology, and customized financial solutions, we've helped over 1 million clients on their path to a brighter future.</p> <p class="c-mrkdwn__pre" style="text-align: left;" data-stringify-type="pre">While we're proud of what we've already accomplished, we're searching for new collaborators to help us get to the next level! If you're looking to join a forward-thinking, rapidly growing organization with helping people as its number one goal, we want to hear from you.</p> <p>&nbsp;</p></div><h2><strong>The Role</strong></h2> <p>As a Senior Security Engineer, you'll harden the security posture of our AWS environment and our software development pipeline. Cloud Security and vulnerability management in Wiz are the primary focus.<br><br></p> <p>You'll partner with DevOps, Engineering, and our Application Security Engineer to build preventative controls across infrastructure, identity, and CI/CD. The work is hands-on: configuring tooling, reviewing architecture, hardening pipelines, and supporting application security work where your range is needed.</p> <h2><strong>Key Responsibilities</strong></h2> <ul> <li>Own cloud security posture across our AWS environment using Wiz and AWS-native services, reducing risk across IAM, network segmentation, container security, secrets, and data exposure.</li> <li>Establish secure defaults in our Infrastructure as Code through reusable modules, guardrails, and policy as code.</li> <li>Harden CI/CD pipelines in partnership with DevOps.</li> <li>Run vulnerability management across cloud and application findings: intake, prioritization, SLA tracking, and remediation with engineering.</li> <li>Build automation that scales the program: ingestion, deduplication, prioritization, and developer-facing workflows.</li> <li>Instrument telemetry, alerting, and runbooks for the systems you own.</li> <li>Operate and tune our WAF: managed and custom rules, rate limiting, and bot mitigation.</li> </ul> <h2><strong>Requirements</strong></h2> <ul> <li>5+ years of hands-on security engineering across cloud security and vulnerability management.</li> <li>Strong AWS security background: IAM, networking, container orchestration, and logging and audit.</li> <li>Hands-on experience securing CI/CD pipelines and Infrastructure as Code; Terraform required.</li> <li>Experience running or substantially contributing to a vulnerability management program.</li> <li>Working knowledge of OWASP Top 10 and threat modeling.</li> <li>Operates independently and drives projects without day-to-day oversight.</li> </ul> <h2><strong>Nice to Have</strong></h2> <ul> <li>Experience with our stack: Wiz, Cloudflare (WAF, Gateway, Zero Trust), GitHub Advanced Security, Spacelift, and AWS-native services.</li> <li>Hands-on WAF experience in production: writing and tuning rules, managing false positives, responding when something gets through.</li> <li>AI/ML security exposure: prompt injection, data poisoning, model abuse, and the controls that mitigate them.</li> <li>Secrets management platforms (AWS Secrets Manager, Keeper, Infisical).</li> <li>Identity security across human and non-human identities.</li> <li>PCI-regulated or financial services environment.</li> <li>Familiarity with Ruby on Rails, Python, or Go.</li> </ul> <h2><strong>The Ideal Candidate</strong></h2> <p>The ideal candidate measures success by reduced risk, not tickets closed, and reaches for secure design and simplicity before another control. They think like an attacker but bring a developer mindset to their partnership with engineering, connecting the dots across cloud, identity, and pipeline rather than treating each as a separate domain. Engineers trust their technical judgment, and when something is blocked, they come with a proposed path forward.</p><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p>The base annual salary range is listed below. This role is eligible for additional incentives, including an annual bonus.</p></div><div class="title">Base Salary Range</div><div class="pay-range"><span>$140,000</span><span class="divider">&mdash;</span><span>$165,000 USD</span></div></div></div><div class="content-conclusion"><p><strong>Why Join Us?</strong></p> <p><span style="font-weight: 400;">While you make a difference for others, we’ll work to make a difference for you, providing an uplifting, collaborative work environment and benefits that reflect your value to us. For eligible full-time employees, we offer:</span></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Considerable employer contributions for health, dental, and vision programs</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Generous PTO, paid holidays, and paid parental leave</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">401(k) matching program</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Merit advancement opportunities</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Career development &amp; training</span></li> </ul> <p><span style="font-weight: 400;">And finally, our team spirit and culture! We</span><span style="font-weight: 400;"> cultivate an environment of community, connection, and belonging across our entire organization.</span></p> <p><span style="font-weight: 400;"><em data-stringify-type="italic">Beyond Finance does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job positions.&nbsp; No fee will be paid to their parties who submit unsolicited candidates directly to Beyond Finance employees or the Beyond Finance HR team.&nbsp; No placement fee will be paid to any third party unless such a request has been made by the Beyond HR team.</em></span></p></div>