Senior Security Engineer

What to Expect:

• Conducting a comprehensive threat model, identifying the highest-leverage gaps.
• Hardening our AWS infrastructure - IAM least-privilege, secrets management, network segmentation.
• Integrating security tooling into our CI/CD pipeline: SAST, dependency scanning.

Core Responsibilities:

• Lead and drive Loancrate’s security posture across application security, cloud security, identity, and compliance.
• Perform regular threat modeling, vulnerability assessments, and penetration testing.
• Build and maintain security tooling and automation: SAST/DAST, dependency scanning, container scanning.

Tech Stack:

• Our infrastructure runs on AWS and is managed 100% with Terraform and Pulumi Cloud.
• Application services run in Docker on ECS EC2 or Fargate.
• Observability is powered by Datadog, CloudWatch, and Sentry.

Preferred Skills and Background:

• Deep application security experience: threat modeling, OWASP Top 10, secure code review.
• Strong AWS security experience across IAM, VPC, GuardDuty, Security Hub, CloudTrail, KMS, Secrets Manager, and WAF.
• Hands-on SOC 2 experience: you’ve designed controls, collected evidence, and managed an auditor relationship.