Security Engineer
Coinflow · Chicago, IL · 2 wk ago
On-siteInformation Technology$145k–$195k/yrFull-time
About the role
We're hiring for a Security Engineer to own the day-to-day defensive and offensive security posture of Coinflow. You'll build the SecOps backbone, hunt for weaknesses in our own stack before anyone else does, and partner with engineering to keep our SDLC fast and secure.
Responsibilities
- Stand up and operate our SIEM.
- Build out the SecOps dashboard that gives engineering, compliance, and leadership a real-time picture of our security posture — alerts, anomalies, auth events, infrastructure changes, and audit-ready evidence in one place.
- Run continuous internal pentests against Coinflow services, APIs, infrastructure, and embedded SDKs. Use Claude Security and Claude Code to scale your coverage — automate reconnaissance, fuzzing, code review, and exploit development.
- Document findings, drive remediation, and measure mean-time-to-fix.
- Triage CVEs across our npm, cargo, and other ecosystems. Build the automation that keeps packages patched without breaking production — including Dependabot tuning, lockfile hygiene, and gated auto-merge for low-risk upgrades.
- Monitor and improve how we ship code. Define secure-by-default patterns for new services, review threat models for high-risk changes, integrate SAST/DAST/secret scanning into CI, and make the secure path the fast path for engineers.
- Work alongside our compliance function to produce the evidence, controls, and monitoring artifacts that PCI DSS, SOC 2, ISO 27001, and DORA auditors need — without turning engineering into a paperwork shop.
Requirements
- 4+ years in a security engineering, product security, or DevSecOps role, ideally at a fintech, payments company, or other regulated environment
- Strong hands-on offensive skills — you've broken real systems, not just run scanners
- Comfortable with web app, API, cloud, and infrastructure pentesting
- Production experience operating a SIEM (Datadog, Splunk, Elastic, Panther, or similar) and building dashboards that engineers actually use
- Fluency in TypeScript/Node and at least passing comfort with Rust, Go, or Python — enough to read our code, find bugs in it, and write the tooling to find more
- Experience with vulnerability management at scale: CVE triage, SCA tooling, dependency upgrade automation
- Comfort working with AI-native tooling (Claude Code, Claude Security, or similar) as a daily driver — or genuine excitement to start
- A bias toward shipping. We'd rather have a working v1 of a control today than a perfect v3 next quarter
Qualifications
- Experience with CI/CD pipelines and automated testing
- Knowledge of common security protocols and standards (PCI DSS, SOC 2, ISO 27001)
- Experience with security architecture and design
- Experience with security operations and incident response
Skills
- Security architecture and design
- Security operations and incident response
- CI/CD pipelines and automated testing
- Security protocols and standards (PCI DSS, SOC 2, ISO 27001)
Benefits
- Base salary range: $145,000 to $195,000 USD
- Eligible for an equity grant
- Access to a wide array of benefits, including health and wellness benefits, 401(k) savings plan, and flexible time off
Pay
The actual base salary offered depends on a variety of factors, including but not limited to experience, education, skills, qualifications and business needs.
Schedule
N/A