Senior Information Security Engineer

The Senior Information Security Engineer is responsible for owning application security across all Self products. This role plays a critical part in protecting customer data, ensuring compliance with SOC 2 and PCI requirements, and partnering closely with engineering teams to identify, prioritize, and remediate security risks throughout the software development lifecycle. 

• →Own end-to-end application security for all Self products
• →Conduct and manage vulnerability scanning, triage, and remediation tracking using security tools (e.g., SAST)
• →Partner closely with engineering and product teams to remediate critical security findings
• →Lead and perform third-party vendor security reviews and risk assessments
• →Support SOC 2 and PCI compliance efforts, including audit preparation and evidence collection
• →Identify application-level security risks and recommend mitigation strategies
• →Help embed secure-by-design practices into product development processes
• →Monitor emerging application security threats and recommend appropriate controls

• Strong experience in application security, product security, or software security engineering
• Experience with application security scanning using GitLab SAST
• Hands-on experience with vulnerability management tools and remediation workflows
• Knowledge of secure software development practices and common application vulnerabilities 
• Experience supporting or operating within SOC 2 and PCI compliance environments
• Ability to partner effectively with engineering teams to drive security outcomes
• Strong risk assessment, prioritization, and communication skills

Preferred Qualifications

• Experience performing third-party vendor security assessments
• Familiarity with cloud-native application architectures
• Prior experience in fintech, regulated industries, or environments handling sensitive customer data
• Security certifications (e.g., CISSP, CSSLP, GWAPT) or equivalent experience