Lead and drive Loancrate’s security posture across application security, cloud security, identity, and compliance
Perform regular threat modeling, vulnerability assessments, and penetration testing
Build and maintain security tooling and automation: SAST/DAST, dependency scanning, container scanning, SBOM management, and secret detection
Harden our AWS environment: IAM, VPC boundaries, secrets management, audit logging, GuardDuty, Security Hub, KMS key management, and DDoS protection
Own our SOC 2 Type II program
Lead or coordinate incident response for security events
Establish and maintain a secure SDLC
Maintain a risk register
Partner with Operations on endpoint and device security
Manage third-party and vendor security risk
Own identity and access infrastructure
Contribute to security documentation, internal runbooks, and team education

Requirements

5+ years of experience in security engineering or related field
Deep application security experience: threat modeling, OWASP Top 10 (and beyond), secure code review, SAST/DAST tooling
Strong AWS security experience across IAM, VPC, GuardDuty, Security Hub, CloudTrail, KMS, Secrets Manager, and WAF
Terraform and/or Pulumi proficiency
Hands-on SOC 2 experience
CI/CD security experience
Fintech or regulated industry experience
Collaborative mindset
Identity and access experience
Familiarity with data security for sensitive personal and financial data
Strong written communication
Scripting and automation skills (Python, Bash, or similar)

Benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application securitythreat modelingvulnerability assessmentspenetration testingSASTDASTAWS securityTerraformPulumiCI/CD security

Soft Skills

collaborative mindsetstrong written communication