Software Engineer - Security
moderntreasury · San Francisco
Candidature directe sur le site carrière de moderntreasury — sans créer de compte.
Recevez les prochaines offres comme celle-ci par email
Une alerte gratuite pour postuler avant la foule — les offres arrivent en direct des pages carrière. Désinscription en un clic.
À propos du poste
OVERVIEW
This position can be based out of San Francisco, New York, or remote (we accept candidates from the following states: AZ, CA, CO, CT, FL, GA, HI, IL, MA, MI, MN, MT, NC, NJ, NV, NY, OH, OK, OR, PA, TN, TX, UT, WA, WI).
Modern Treasury’s mission is to build the most trusted financial infrastructure for global money movement. We’re looking for a Security Engineer to design and strengthen the controls that protect our payment infrastructure. You’ll enable as well as build secure, compliant financial products while contributing directly to the reliability and automation of our security and infrastructure systems.
Modern Treasury is expanding deeper into money movement. We’re building new products that will let customers move funds across both traditional rails and emerging technologies, including stablecoins. You’ll help design, deploy and operate the security controls that make this possible and set the foundation for compliant, programmable money movement at scale.
This role is hands-on security engineering with heavy focus on automation.
ABOUT THE ROLE
This role focuses on application, product, and infrastructure security, and sits at the intersection of security, platform, payments engineering, and infrastructure. You’ll shape how Modern Treasury manages risk at scale and design the systems that make programmatic, compliant money movement possible. We are looking for someone who can influence security strategy, drive DevSecOps automation and contribute to architectural design.
Your work will ensure that as we grow into new products and payment rails, we continue to move fast while keeping trust, compliance, and safety at the core of our platform.
WHAT YOU’LL DO
Lead application security across our payment platform, including secure code review, threat modeling, and security architecture for new products
Own product security for new payment rails, including FBO account structures, stablecoin integration, and enhanced compliance features
Design and implement DevSecOps tooling and automation to improve security posture across CI/CD and infrastructure
Partner with engineering teams to embed security into the development lifecycle through automation, secure design patterns, and security champions
Drive security architecture decisions for customer-facing APIs, authentication systems, and data protection controls
Build monitoring and detection capabilities for application-layer threats, API abuse, and fraud patterns
Design infrastructure monitoring, automation, and remediation practices that keep our systems resilient and trustworthy
Compliance on the ownership and operation of SOC 2 controls, ensuring the systems you build map cleanly to control requirements and produce the evidence those controls depend on
Serve as the technical owner for the security controls and automated tests that evidence the systems you build in our GRC platform (Vanta), partnering with engineering teams to keep them accurate and audit-ready as part of our SOC 2, SOC 1, and PCI DSS programs
Coordinate with our independent external penetration testing provider to scope, schedule, and run the testing that satisfies our SOC 1, SOC 2, and PCI DSS requirements, and drive remediation of findings to closure
Own vulnerability management across our applications and infrastructure, triaging and prioritizing findings, partnering with engineering on remediation, and tracking closure within the timelines our policies and compliance programs require
Help design and operate encryption and key management practices across our platform, including key lifecycle and rotation, in line with our data protection controls and compliance requirements
Partner with Workplace Technology to evaluate and secure the deployment of enterprise integrations, AI capabilities (including MCP), and third-party tools
Influence technical strategy across Product, Platform, and Infrastructure teams on security and risk management
WHAT YOU SHOULD HAVE
Required Experience
6+ years in security engineering, with 3+ years focused on application and product security
Strong experience with:
Full-stack application security (frontend, backend, APIs)
Authentication and authorization systems and identity management
Infrastructure automation related to security (AWS, Docker, CI/CD pipelines)
Fraud detection, prevention, and abuse mitigation in payment or financial products
Secure SDLC practices and developer security tooling
Experience with incident response and security monitoring
Knowledge and experience with application security for Ruby on Rails, GraphQL, JavaScript, React, and containerized environments
Payments engineering experience, ideally including fraud prevention and risk controls in money movement systems
What Sets You Apart
2+ years in payments or fintech, with a deep understanding of money movement security challenges
Familiarity with compliance and regulatory standards for money movement, such as PCI DSS, BSA/AML, and KYC/KYB
Experience with payment processing security across ACH, wires, card networks, and emerging rails
Experience building controls for fraud detection, chargeback prevention, and abuse mitigation in payment systems
Experience integrating security into DevOps workflows (e.g., Buildkite, IaC, AWS security automation)
Experience with stablecoin security, blockchain integrations, or crypto payment rails
Track record of balancing pragmatic risk management with business velocity
Demonstrated ability to lead security initiatives across multiple teams without direct authority
TECHNOLOGIES WE USE
Ruby on Rails for our backend framework
React, GraphQL, and Tailwind CSS on the front end
Postgres for our database
AWS for infrastructure and hosting
Docker for containerization
Buildkite for continuous integration
RegTech and anti-fraud platforms
Vanta for compliance automation and continuous control monitoring
ABOUT MODERN TREASURY
Modern Treasury is the operating system for money movement. Our payments platform combines a suite of APIs and dashboards to help companies unlock new payments revenue, strengthen customer experiences, and drive efficiency through their business. Our end-to-end platform moves enterprises forward with faster payments, efficient workflows, full data visibility.
Modern Treasury is committed to equal employment opportunity and does not discriminate in any employment opportunities or practices based on an individual's race, color, creed, gender (including gender identity and gender expression), religion (all aspects of religious beliefs, observance or practice, including religious dress or grooming practices), marital status, registered domestic partner status, age, national origin or ancestry (including language use restrictions and possession of a driver’s license issued under California Vehicle Code section 12801.9), natural hair, physical or mental disability, political affiliation, medical condition (including cancer or a record or history of cancer, and genetic characteristics), sex (including pregnancy, childbirth, breastfeeding or related medical condition), genetic information, sexual orientation, military and veteran status or any other consideration made unlawful by federal, state, or local laws. It also prohibits unlawful discrimination based on the perception that anyone has any of those characteristics, or is associated with a person who has or is perceived as having any of those characteristics.
Modern Treasury participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.
Recevez les prochaines offres comme celle-ci par email
Une alerte gratuite pour postuler avant la foule — les offres arrivent en direct des pages carrière. Désinscription en un clic.