Lead Cybersecurity Strategist

We are seeking a Lead Security Specialist to lead our Application and Cloud Security programs.

This role requires designing and enforcing security best practices across our codebase, cloud infrastructure, development lifecycle, and production environments.

• Application Security:
  • Perform security assessments across our application stack, including threat modeling, code reviews, dynamic scanning, and penetration testing.
  • Build and maintain secure SDLC practices, including integration of security checks into CI/CD pipelines.
  • Guide teams in secure design patterns, including secure authentication, input validation, access control, session management, and secure storage.
  • Continuously monitor and remediate vulnerabilities in source code and dependencies (SCA, SAST, DAST).
  • Partner with engineering teams to define and enforce coding standards aligned with OWASP and CWE guidelines.
• Cloud & Infrastructure Security:
  • Design and maintain secure configurations for AWS environments, including networking, identity management (IAM), encryption, and logging.
  • Implement and manage security services such as GuardDuty, Inspector, Security Hub, and other cloud-native tools.
  • Define and enforce infrastructure-as-code (IaC) security controls using tools such as Terraform, CloudFormation, or policy-as-code frameworks (e.g., OPA, Sentinel).
  • Lead efforts in runtime protection, including workload scanning, intrusion detection, and anomaly alerting.
  • Ensure centralized, secure log collection, monitoring, and alerting across all infrastructure components.
• Security Architecture & Best Practices:
  • Champion a shift-left approach to security—collaborating with developers early in the SDLC and providing actionable feedback during design, build, and review phases.
  • Collaborate with product managers and infrastructure leads to ensure security is embedded into architectural decisions, particularly for high-risk features or regulated workflows.
  • Define and promote secure defaults, least-privilege access, and zero-trust architectural principles.
  • Ensure strong key management and encryption standards are applied across data at rest, in transit, and in use.
• Governance, Risk & Compliance:
  • Support compliance initiatives by building and documenting enforceable security controls.
  • Work with auditors and risk teams to demonstrate maturity of security processes and ongoing improvements.
  • Establish internal security policies, operational procedures, and regular audit activities.
  Key Responsibilities:
  • Lead the adoption of security by design across engineering functions.
  • Embed continuous security testing into our CI/CD pipelines.
  • Maintain a developer-centric approach to security—minimizing friction while enforcing strong protections.
  • Build scalable policies and automation for secrets management, code signing, and environment hardening.
  • Keep pace with evolving security threats, technologies, and tools, proactively updating controls and detection mechanisms.
  • Represent security posture to executive and customer stakeholders with clarity and confidence.
  Requirements:
  • 6+ years of experience in security engineering with a primary focus on application and cloud security.
  • Proficiency with programming languages like Java, Python, JavaScript, and web technologies (HTML, CSS, SQL).
  • In-depth knowledge of application security vulnerabilities, threat modeling, and SDLC integrations.
  • Deep familiarity with Cloud security architecture and services (AWS - IAM, VPC, KMS, GuardDuty, CloudTrail, etc.).
  • Experience with DevSecOps tools and practices, including SAST, DAST, container scanning, and infrastructure scanning.
  • Hands-on experience in implementing industry best practices in access control, encryption, and security observability.
  • Excellent communication skills, with the ability to collaborate across engineering, product, and compliance teams.
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  What We Offer:

We offer a remote-first culture, comprehensive benefits, and the opportunity to build game-changing products that shape the financial industry.