Senior Information Security Engineer
About The Position
Self Financial is a venture-backed, high-growth FinTech company with a mission to increase economic inclusion and financial resilience by empowering people to build credit and build savings. We're looking for people who share our passion and are driven to tackle challenges, find solutions and make the financial space better for the communities we serve. Our team is passionate about challenging the status quo of the credit industry by providing people accessible tools to take control of their credit. Executing on our mission requires deep collaboration across our teams to ensure our products reach the people who can benefit from them the most, particularly the 100 million+ Americans who have no or low credit. We celebrate diversity and are committed to creating an inclusive environment for all employees. To that end, we seek to recruit, develop and retain the most talented people from a diverse candidate pool. Role Summary The Senior Information Security Engineer is responsible for owning application security across all Self products. This role plays a critical part in protecting customer data, ensuring compliance with SOC 2 and PCI requirements, and partnering closely with engineering teams to identify, prioritize, and remediate security risks throughout the software development lifecycle.
Requirements
- Strong experience in application security, product security, or software security engineering
- Hands-on experience with vulnerability management tools and remediation workflows
- Knowledge of secure software development practices and common application vulnerabilities
- Experience supporting or operating within SOC 2 and PCI compliance environments
- Ability to partner effectively with engineering teams to drive security outcomes
- Strong risk assessment, prioritization, and communication skills
Nice To Haves
- Experience performing third-party vendor security assessments
- Familiarity with cloud-native application architectures
- Prior experience in fintech, regulated industries, or environments handling sensitive customer data
- Security certifications (e.g., CISSP, CSSLP, GWAPT) or equivalent experience
Responsibilities
- Own end-to-end application security for all Self products
- Conduct and manage vulnerability scanning, triage, and remediation tracking using security tools (e.g., SAST)
- Partner closely with engineering and product teams to remediate critical security findings
- Lead and perform third-party vendor security reviews and risk assessments
- Support SOC 2 and PCI compliance efforts, including audit preparation and evidence collection
- Identify application-level security risks and recommend mitigation strategies
- Help embed secure-by-design practices into product development processes
- Monitor emerging application security threats and recommend appropriate controls
Benefits
- Company equity in the form of Stock Options
- Performance-based bonuses
- Generous employer-paid health, vision and dental insurance coverage
- Flexible vacation policy
- Educational assistance
- Free gym membership
- Casual dress code
- Team building events and activities
- Remote work arrangements/ flexible work schedule
- Paid parental leave
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
