Sr. Security Engineer
Why TrueML?
TrueML is a mission-driven financial software company dedicated to creating better customer experiences for distressed borrowers. We believe consumers want personal, digital-first experiences that align with their lifestyles, especially concerning finances. TrueML's approach leverages machine learning to engage each customer digitally and adjust strategies in real-time based on their interactions.
The TrueML team comprises inspired data scientists, financial services industry experts, and customer experience fanatics building technology to serve individuals by recognizing their unique needs and preferences, aiming to ensure nobody is locked out of the financial system.
What You Will Do
Position Summary
We are seeking a Sr. Security Engineer to lead the integration of security across the software development lifecycle (SDLC). This role sits at the intersection of engineering, cloud infrastructure, and application security, driving automation, scalability, and secure-by-default development practices. You will design and implement security-first CI/CD pipelines, embed automated security testing, and partner with engineering teams to ensure applications are built, deployed, and operated securely—at scale.
Key Responsibilities
Security Automation & CI/CD Integration (Core Focus)
- Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI, Azure DevOps).
- Design and maintain automated security workflows across build, test, and deploy stages.
- Implement security gates, policy enforcement, and compliance checks within pipelines.
Cloud Security (AWS Focus)
- Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway).
- Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud).
- Enforce least privilege access, secrets management, and runtime protections.
- Define and maintain security policies for our AWS environment, focusing on containerized workloads (EKS/ECS) and serverless architectures (Lambda).
- Build real-time monitoring and automated remediation for AWS resources to ensure audit-readiness for frameworks like PCI and ISO 27001.
- Perform deep-dive threat modeling exercises on applications and designs.
- Develop security standards for Generative AI and leverage AI-powered tools to explore our attack surface while defending against AI-driven threats.
- Secure Infrastructure as Code (IaC) templates (Terraform/CloudFormation) and manage cloud primitives like IAM, KMS, and WAF.
What You Bring
- An Experienced Defender: 7-10 years in software engineering, DevOps, or cloud engineering, including 3+ years in a DevSecOps-focused role with deep mastery of cloud security, vulnerability analysis, and incident response.
- A Cloud Specialist: Demonstrable expertise in the AWS ecosystem and high proficiency in securing Infrastructure as Code (Terraform) and containerized environments.
- Certified and Credentialed: Top-tier industry certifications (e.g., CISSP, SANS GIAC, or CASP) and a firm grasp of compliance frameworks like PCI and ISO 27001.
- Technically Versatile: Familiarity with OWASP, proficiency with modern security tooling, and the ability to secure complex API integrations and data protection layers.
- AI-Aware: Understanding of evolving AI regulations and the technical curiosity to investigate AI's use in bypassing controls.
- A Strategic Partner: Natural collaborator skilled at translating complex InfoSec projects into simple, maintainable tasks for Engineering teams.
- An Elite Communicator: Ability to propose strategic methodologies for legacy security debt and convince stakeholders of the business value of security-first design.
Core Skills & Capabilities
- Deep expertise in CI/CD pipelines (GitHub Actions, Jenkins).
- Strong hands-on experience with AWS cloud security.
- Proficiency in application security tooling and integration.
- Experience with container security (Docker, Kubernetes).
- Strong scripting/programming skills (Python, JavaScript).
- Understanding of modern DevSecOps and shift-left security practices.
- Excellent collaboration skills across engineering, security, and DevOps teams.
Compensation:
- $122,090 - $160,000 per year (base salary range).
What We Offer (Perks & Benefits)
- Flexible vacation
- Medical/dental/vision insurance
- Traditional/Roth retirement savings options
- Company-paid disability and life insurance
- Flexible Spending Account & Limited FSA
- Family-friendly parental leave, volunteer and voting time off
- On-demand wellness platform access
- PerkSpot discount program
Remote Work, Travel Expectations & Physical Requirements:
- Primarily Remote-First environment.
- Flexibility outside standard business hours and occasional travel may be necessary.
- Primarily computer-based work.
- Reliable internet connection and professional work environment expected.
- Ability to protect confidential information while working outside a company office is required.
TrueML is an equal opportunity employer. We promote, value, and thrive with a diverse and inclusive team.