Security Engineer
Overview
Thunes Financial Services is hiring a Security Engineer to architect trust for their fintech platform. The ideal candidate is a hybrid specialist who can bridge the gap between Infrastructure Security and Application Security, ensuring resilience and compliance.
Role
As a Security Engineer, you will be responsible for security across the full lifecycle of Thunes' fintech platform. This hybrid specialist role requires deep engagement with both infrastructure and application security, focusing heavily on automation and regulatory compliance within a high-stakes, regulated environment.
Day-to-day CI/CD Security Integration: Design, build, and maintain automation to integrate security testing (SAST/DAST/SCA) directly into our deployment pipelines. Ensure security is a "paved road" for developers, not a bottleneck.
Full-Stack Security: Own security across the lifecycle—from securing our cloud infrastructure (AWS/GCP) to performing code reviews and architectural risk assessments.
Vulnerability Management: Manage our detection stack using modern vulnerability scanning and dependency management tools to identify, prioritize, and track risks across the environment.
Security Automation: Build and maintain automated workflows for vulnerability reporting, triage, and remediation. Leverage AI-powered agentic coding tools or similar automation to eliminate manual toil and accelerate response times.
Compliance Engineering: Monitor our technical security controls to ensure they are operating effectively throughout the year to meet the rigorous cybersecurity compliance requirements to support regulatory exams as well as SOC-2 and PCI audits.
Incident Response: Serve as a key member of our security response team, helping to investigate and mitigate potential threats. Collaborate with Product, Data Engineering, Front-End Engineering, Tech Ops, Compliance, and Legal.
Tech Stack
Cloud (AWS/GCP, K8s)
CI/CD tools (GitHub Actions, GitLab CI, or Jenkins)
Python, Go, or Bash
SAST/DAST/SCA
Enterprise vulnerability management platforms
Automated dependency scanning solutions
Success in this Role
Maintaining our regulatory compliance posture.
Building automated, scalable security guardrails.
Having a direct impact on the security strategy.
Travel
Some travel required for periodic team offsites.
Knowledge Required
A Bachelor's degree in Computer Science or a related field, but similar professional experience is equally valued.
Proven track record of deep experience in both Infrastructure Security and Application Security.
Hands-on experience building security guardrails within CI/CD tools (e.g., GitHub Actions, GitLab CI, or Jenkins).
Deep experience in both Infrastructure Security (Cloud/K8s) and AppSec (OWASP Top 10, Secure SDLC).
Proven proficiency with enterprise vulnerability management platforms and automated dependency scanning solutions.
You don’t just find bugs; you write code (Python, Go, or Bash) to handle them.
Experience using AI-driven automation or agentic tools to streamline security workflows is required.
You understand the high-stakes nature of working in a regulated environment and can translate compliance requirements into technical reality.
Clear, effective communication of trade-offs to non-technical stakeholders.
History of collaboration with engineers and others.
Nice to Have
Certifications such as CISSP.
Prior experience in startups, especially Fintech.