As our Founding Security Engineer, you will design, implement, and own the security foundations that protect Triumph’s players, funds, and data across all products and platforms.
Your work will ensure that Triumph can survive any single technical failure, credential compromise, or infrastructure security incident without irreversible loss of funds, data, or company viability.
As the primary security owner across our backend, mobile clients, infrastructure, and internal tooling, you’ll set the standards for how security is built, monitored, and operated at Triumph. You’ll report directly to our CTO + Co-Founder.
Own all service account, IAM, and privilege-elevation systems across production infrastructure.
Own disaster-recovery design and execution, ensuring that no infrastructure failure, security incident, or human error can cause irreversible loss of critical data, funds, or system integrity. Define and enforce recovery point (RPO) and recovery time (RTO) objectives for all existential data systems, and ensure infrastructure meets those guarantees.
Ensure all security-relevant actions in production are auditable, attributable, and reconstructable after the fact.
Own the technical implementation of data-protection controls required for GDPR and similar regulations, including data access controls, retention, deletion, and audit ability.
Own backend controls that ensure client traffic cannot be intercepted, replayed, or modified in a way that leads to irreversible harm, including transport security standards, replay protection, and enforcement of client attestation mechanisms (e.g., App Attest / DeviceCheck).

Requirements

5+ years of experience as a security engineer or infrastructure engineer with deep security ownership at a consumer or high-scale product company.
Proven experience designing and operating IAM, RBAC, and privilege escalation systems in cloud-native environments (e.g., AWS, GCP, or similar).
Hands-on experience with disaster recovery planning and implementation, including backups, restore testing, and defining/measuring RPO/RTO.
Strong background in secure systems design across APIs, backend services, and data stores, including practical familiarity with encryption, transport security, and key management.
Familiarity with GDPR or similar data protection regulations and translating requirements into concrete technical controls.
An understanding of how to balance productivity and risk reduction when shipping quickly in a high-growth environment.
Ability to partner with cross-functional teams (product, infra, mobile, operations) to drive security initiatives.

Benefits

$400/mo lunch credit
healthcare
vision
dental
401k

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security engineeringinfrastructure securityIAMRBACprivilege escalationdisaster recovery planningencryptiontransport securitydata protection controlsGDPR compliance

Soft Skills

cross-functional collaborationrisk managementproblem-solvingcommunicationleadership