Senior Security Engineer

Job Description

At Beyond Finance, we’ve made it our mission to help everyday Americans escape the endless cycle of crippling debt and step into a brighter financial future. Through compassionate, individualized care,a culture focused on compliance and ethics, supportive user-centric technology, and customized financial solutions, we’ve helped over 1 million clients on their path to a brighter future.

While we’re proud of what we’ve already accomplished, we’re searching for new collaborators to help us get to the next level! If you’re looking to join a forward-thinking, rapidly growing organization with helping people as its number one goal, we want to hear from you.

As a Senior Security Engineer, you’ll harden the security posture of our AWS environment, our public-facing perimeter, and our software development pipeline. Cloud Security is the primary focus and Application Security is a secondary focus.

You’ll partner with DevOps, Engineering, and our Application Security Engineer to build preventative controls across infrastructure, identity, CI/CD, and applications. The work is hands-on: configuring tooling, writing and tuning detection and blocking rules, reviewing architecture, hardening pipelines, and supporting application security work where your range is needed.

Key Responsibilities

Cloud Security

• Operate and tune our WAF, including managed and custom rule sets, rate limiting, bot mitigation, and the day-to-day work of keeping false positives low.
• Own cloud security posture across our AWS environment using a CSPM or CNAPP platform alongside AWS-native security services.
• Reduce risk across IAM, network segmentation, ECS and container security, secrets management, and data exposure.
• Establish secure defaults in our Infrastructure as Code through reusable modules, guardrails, and policy as code.
• Harden CI/CD pipelines and the secrets that flow through them in partnership with DevOps.
• Build controls the SOC can monitor and respond to, and document the runbooks for the systems you own.

Application Security

• Operate and tune SAST, SCA, and Secret Scanning tooling integrated with our source control.
• Partner with our Application Security Engineer on code reviews and threat modeling across our Ruby on Rails, React Native, Python, and Go codebases.
• Mobile App Security (iOS and Android)

Vulnerability Management

• Run our vulnerability management program across cloud and application findings: intake, prioritization, SLA tracking, and reporting.
• Partner with engineering teams to drive remediation, advising on fixes and unblocking the work where you can.
• Build automation that scales the program — pipelines for ingestion, deduplication, prioritization logic, and developer-facing workflows.

AI Security

• Contribute to our growing AI security program, including controls for AI-assisted development tooling, secure use of AI in our products, and emerging risks like prompt injection.

Skill Requirements

• 5+ years of hands-on security engineering experience across cloud security and/or application security, with demonstrated depth in at least one.
• Strong AWS security background, including IAM, networking, container orchestration (ECS, EKS, or Kubernetes), and logging and audit. Hands-on experience with Wiz CNAPP.
• Hands-on experience operating a WAF in production, including writing and tuning rules, managing false positives, and responding when something gets through.
• Experience securing CI/CD pipelines and Infrastructure as Code, with Terraform required.
• Working knowledge of OWASP Top 10, secure code review, SAST/DAST/SCA tooling, and threat modeling.
• Experience running or substantially contributing to a vulnerability management program.
• Proficiency in at least one programming language used in modern application stacks, such as Python, Go, or Ruby.
• Operates independently and drives projects without day-to-day oversight.

Desirable Skills

• Experience with the tools we use day to day: Wiz, Cloudflare (WAF, Gateway, Zero Trust), GitHub Advanced Security, Spacelift, and AWS-native security services such as GuardDuty, Security Hub, Macie, and Inspector.
• Container and orchestration security depth across Docker, Kubernetes, and ECS/EKS.
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, and model abuse, and the controls that mitigate them.
• Experience with secrets management platforms such as AWS Secrets Manager, Keeper, and/or Infisical.
• Identity security across human and non-human identities, including service accounts, API keys, and OIDC federation.
• Experience in a PCI-regulated environment or financial services.
• Familiarity with Ruby on Rails, Python, or Go.

#LI-LB2

The base annual salary range is listed below. This role is eligible for additional incentives, including an annual bonus.

Base Salary Range

$140,000—$165,000 USD

Why Join Us?

While you make a difference for others, we’ll work to make a difference for you, providing an uplifting, collaborative work environment and benefits that reflect your value to us. For eligible full-time employees, we offer:

• Considerable employer contributions for health, dental, and vision programs
• Generous PTO, paid holidays, and paid parental leave
• 401(k) matching program
• Merit advancement opportunities
• Career development & training

And finally, our team spirit and culture! We cultivate an environment of community, connection, and belonging across our entire organization.

Beyond Finance does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job positions.  No fee will be paid to their parties who submit unsolicited candidates directly to Beyond Finance employees or the Beyond Finance HR team.  No placement fee will be paid to any third party unless such a request has been made by the Beyond HR team.