Senior Security Engineer

Beyond Finance

Senior Security Engineer hardening the security posture of AWS environments at Beyond Finance. Collaborating with DevOps and Engineering teams to implement preventative controls across systems and applications.

Posted 5/15/2026full-timeChicago • Illinois • 🇺🇸 United StatesSenior💰 $140,000 - $165,000 per yearWebsite

Tech Stack

Tools & technologies

AWSCloudGoKubernetesPythonReactReact NativeRubyRuby on RailsTerraform

About the role

Key responsibilities & impact

Harden the security posture of our AWS environment, our public-facing perimeter, and our software development pipeline.
Partner with DevOps, Engineering, and our Application Security Engineer to build preventative controls across infrastructure, identity, CI/CD, and applications.
Configure tooling, write and tune detection and blocking rules, review architecture, harden pipelines, and support application security work where your range is needed.
Operate and tune our WAF, including managed and custom rule sets, rate limiting, bot mitigation.
Own cloud security posture across our AWS environment using a CSPM or CNAPP platform alongside AWS-native security services.
Reduce risk across IAM, network segmentation, ECS and container security, secrets management, and data exposure.
Establish secure defaults in our Infrastructure as Code through reusable modules, guardrails, and policy as code.
Harden CI/CD pipelines and secrets that flow through them in partnership with DevOps.
Build controls the SOC can monitor and respond to, and document the runbooks for the systems you own.
Operate and tune SAST, SCA, and Secret Scanning tooling integrated with our source control.
Partner with our Application Security Engineer on code reviews and threat modeling across our Ruby on Rails, React Native, Python, and Go codebases.
Run our vulnerability management program across cloud and application findings: intake, prioritization, SLA tracking, and reporting.
Partner with engineering teams to drive remediation, advising on fixes and unblocking the work where you can.
Build automation that scales the program — pipelines for ingestion, deduplication, prioritization logic, and developer-facing workflows.
Contribute to our growing AI security program, including controls for AI-assisted development tooling, secure use of AI in our products, and emerging risks like prompt injection.

Requirements

What you’ll need

5+ years of hands-on security engineering experience across cloud security and/or application security, with demonstrated depth in at least one.
Strong AWS security background, including IAM, networking, container orchestration (ECS, EKS, or Kubernetes), and logging and audit. Hands-on experience with a CSPM or CNAPP platform.
Hands-on experience operating a WAF in production, including writing and tuning rules, managing false positives, and responding when something gets through.
Experience securing CI/CD pipelines and Infrastructure as Code, with Terraform required.
Working knowledge of OWASP Top 10, secure code review, SAST/DAST/SCA tooling, and threat modeling.
Experience running or substantially contributing to a vulnerability management program.
Proficiency in at least one programming language used in modern application stacks, such as Python, Go, or Ruby.
Operates independently and drives projects without day-to-day oversight.

Benefits

Comp & perks

Considerable employer contributions for health, dental, and vision programs
Generous PTO, paid holidays, and paid parental leave
401(k) matching program
Merit advancement opportunities
Career development & training

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cloud securityapplication securityAWSIAMcontainer orchestrationECSKubernetesTerraformSASTvulnerability management

Soft Skills

independent operationproject managementcollaborationcommunication