Senior Security Engineer

This is a consumer fintech startup, and you will be working with serial entrepreneurs who have built strong consumer brands and innovative products. We value extreme ownership, clear communication, a strong sense of craftsmanship, and the desire to create lasting work and work relationships. Yes, you can build an exciting business AND have real-life real-customer impact.

This is a mission-critical role at the heart of how Kikoff protects millions of customers and their financial data. You'll own a wide mandate — from securing our cloud infrastructure and developer workflows to hardening our software supply chain and protecting how data moves across our stack. This isn't a compliance checkbox role. You'll have real ownership, and the work you do will be felt by every engineer at Kikoff and every customer we serve.

• Design and maintain secure-by-default infrastructure patterns — IaC modules, container configurations, IAM policy baselines, and secrets management — so the secure path is the easy path for developers
• Own our cloud security posture across AWS: continuous coverage, guardrails, drift detection, and remediation workflows
• Harden our CI/CD pipelines and lead our software supply chain security strategy, including dependency scanning, artifact signing, and pipeline integrity

• Own security across our data infrastructure — classification, access controls, encryption, and securing data flows across cloud storage and internal pipelines
• Build detection and audit logging capabilities that give us visibility at scale

• Partner with product and platform engineers to embed security into the development lifecycle through code review, threat modeling, and reusable secure patterns
• Build internal tooling that scales security and our engineering teams
• Be the person engineers come to for a clear, practical answers

• Participate in incident response and postmortems
• Track and drive remediation of vulnerabilities across infrastructure and applications
• Help shape our security program as an early, senior hire on the team

• 5+ years in security engineering with meaningful experience in cloud-native environments (AWS strongly preferred)
• Hands-on with infrastructure-as-code security — you've written and reviewed Pulumi or Terraform and know where things go wrong
• Strong command of AWS security primitives
• Experience securing containerized workloads
• Fluency in at least one scripting or programming language for automation (Python, Go, Ruby, or similar)
• Comfortable in a regulated environment — you've worked through PCI-DSS, SOC 2, or similar
• Experience with industry leading CNAPP or CSPM tooling

• Supply chain security depth: dependency confusion mitigations, artifact provenance.
• Data security expertise — tokenization, column-level access controls, audit logging at scale
• Fintech or consumer financial services background
• You've built internal security tooling from scratch, not just deployed vendor products

You think in defaults, not policies. You'd rather fix the infrastructure module than write a runbook. You're comfortable telling an engineer "here's the secure version, just use this" — and they actually do.