Head of Platform & Security

The Head of Platform & Security is a hands-on technical leadership role responsible for the reliability, security, and operational excellence of Opto's technology platform. This is not a CISO or executive security strategy role. You will spend up to 50% of your time as a direct technical contributor — writing code, building and operating infrastructure, and doing the work alongside your team.

You will partner with the CTO to define and execute Opto's security strategy while leading a team of four engineers spanning infrastructure, security, DevOps, and internal IT.  You will own our enterprise and application security program end-to-end and lead a four-person platform engineering team spanning infrastructure, security, DevOps, and internal IT. You will partner closely with engineering leadership, legal, and executive stakeholders to ensure that Opto's platform meets the highest standards demanded by our clients — wealth managers and financial institutions who entrust us with highly sensitive data.

Our tech stack consists of React-based Next.js TypeScript applications backed by Python REST API services.  Our infrastructure is managed as code, orchestrated with Kubernetes on AWS (EKS), and deployed via automated CI/CD pipelines. Our tech stack continues to evolve, driven by our shared principles of optimizing for modularity, scalability, and team-level service ownership.

Security Leadership

• Own Opto's enterprise and platform security posture across all applications, services, business tools, and processes
• Maintain Opto's SOC 2 Type II audit reports, ensuring ongoing compliance and readiness for annual assessments
• Own and continuously improve programs for security incident management, vulnerability management, penetration testing, network security, authentication and authorization, system access control, data privacy and governance, encryption and certificate management, and threat detection
• Define and monitor compliance with internal security policies, including MDM, SSO/MFA/RBAC, VPN/zero trust, and data governance
• Partner with Legal to establish a comprehensive security and compliance program, ensuring appropriate processes, documentation, and staffing are in place with no single points of failure
• Promote a culture of security across the organization — ensuring all individuals understand and follow security policies and appreciate why they matter
• Represent Opto's security program externally to customers, prospects, and investors, including responding to security audits and due diligence questionnaires (DDQs)

Engineering Management

• Lead, mentor, and grow a four-person platform engineering team (infrastructure, security, DevOps, internal IT)
• Maintain team roadmap and backlog in cooperation with engineering leadership and product stakeholders
• Keep stakeholders informed of key milestones, risks, reprioritizations, and escalations
• Provide technical direction on platform architecture decisions, tooling choices, and engineering standards
• Own the internal IT function, ensuring employees get the support they need
• Work with engineering leadership and Recruiting to ensure the team is properly resourced
• Contribute directly to technical projects as bandwidth allows (up to 50% of your time)
• Foster a collegial, trust-filled, and high-accountability team environment

• 4-year degree in Computer Science, Engineering, or a related technical field (or equivalent work experience)
• 5+ years of professional experience in Information Security
• 5+ years in software engineering, SRE, DevOps, or a closely related technical discipline
• Hands-on experience with Kubernetes (EKS or equivalent) and infrastructure-as-code tooling
• Demonstrated AWS engineering depth — not just organizational ownership of AWS environments
• Experience managing compliance with SOC 2, ISO 27001, and/or PCI standards
• Experience building and managing engineering or security teams
• Familiarity with the full software development lifecycle (CI/CD, Git, etc.)
• Strong preference for automation and tooling over manual processes
• Comfort with ambiguity and the ability to execute in a fast-paced startup environment
• Excellent written, verbal, and interpersonal communication skills — equally effective with engineers, executives, and enterprise clients
• This role requires demonstrated strength in both infrastructure engineering and security. Candidates with depth in only one of these areas will not be considered.
• Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

• Background in financial services or fintech
• Prior experience at a startup or high-growth technology company.

Please fill out the below fields, and attach a Resume and Cover Letter. Why a Cover Letter? We receive a high volume of applicants, and we have real humans that read each and every resume, we encourage you to use creativity in your Cover Letter and speak directly to why you want to join our team! 

We will review your resume in as timely a manner as we are able to, so kindly refrain from reaching out to hiring managers or other Opto team members via email or linkedin, as this won't improve or fast track your application.