Job Closed
This listing is no longer active.
The all-in-one financial platform trusted by millions of consumers to make money better.
Security and Threat Operations Engineer
Location
United States
Posted
98 days ago
Salary
$140K - $190K / year
Seniority
Senior
Job Description
Security and Threat Operations Engineer
OnePay
• Build and tune detections, alerts, and monitoring workflows across cloud, application, identity, and edge environments. • Review traffic patterns across APIs, authentication flows, and WAF telemetry to identify malicious activity, abuse patterns, and anomalous behavior. • Use AI responsibly as a force multiplier for triage, analysis, and workflow automation, while helping define guardrails for AI-enabled systems. • Help operate OnePay’s vulnerability management program by triaging, prioritizing, and driving remediation for findings from Wiz, vulnerability scanning, and related workflows. • Develop Python-based tooling and automation to improve investigations, enrichment, response, and operational scale. • Partner with Product Security to translate threat models, security reviews, and product risks into production detections and response playbooks. • Investigate security events end to end, including triage, scoping, containment support, and follow-through on remediation. • Support vulnerability management and operational security practices in ways that align with PCI and SOC 2 expectations. • Participate in proactive threat hunting, detection improvement, and a 24x7 security incident response on-call rotation.
Job Requirements
- 5+ years of experience in information security, threat detection, security operations, detection engineering, or incident response, ideally in a cloud-native or product-focused environment.
- Strong experience investigating suspicious activity in web, API, authentication, and infrastructure telemetry, with the ability to distinguish attacker behavior from normal production noise.
- Demonstrated ability to review traffic and event patterns for signs of malicious activity, fraud, account abuse, credential attacks, reconnaissance, and exploitation attempts.
- Strong Python programming skills and the ability to write maintainable code for automation, enrichment, analysis, and security operations tooling.
- Experience building and tuning detections in a SIEM or detection platform and working with observability and logging systems such as CloudWatch, Datadog, or similar platforms.
- Experience operating or supporting a vulnerability management program, including triage, prioritization, remediation tracking, and stakeholder coordination.
- Familiarity with cloud and application security findings from platforms such as Wiz, including CNAPP, runtime, code, and vulnerability scanning use cases.
- Experience with at least one major cloud provider, preferably AWS.
- Working knowledge of identity and access systems, modern authentication flows, and the security implications of internet-facing applications and APIs.
- Strong understanding of threat modeling, risk prioritization, and practical security controls across applications, infrastructure, and cloud environments.
- Practical experience using AI tools in security workflows, along with sound judgment about AI-specific risks such as prompt injection, data leakage, excessive tool access, and weak auditability.
- Excellent analytical, communication, and cross-functional collaboration skills, especially in environments where security needs to move quickly with product and engineering teams
Benefits
- Competitive base salary and stock options
- Health benefits effective from Day 1
- 401(k) plan with company match
- Remote-friendly (US), flexible time-off (FTO), paid parental and caregiver leave
- Generous stock option packages in an early-stage, high-growth fintech
- A high-growth, mission-driven, inclusive culture where your work has real impact
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Security Architect
LillyLilly is a global biotechnology and pharmaceuticals healthcare company. Founded by Colonel Eli Lilly in 1876, the company is based in Indianapolis, Indiana, and maintains a strong
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world. What You'll Be Doing As a Security Architect, you will serve as a technical lead for security consulting engagements, threat modeling initiatives, and third-party security assessments. You will develop threat models, security architectures, and reference patterns — including for cloud and hybrid environments — while providing guidance on secure design principles. This role involves close collaboration across teams to integrate security into the development lifecycle and evaluate vendor security posture. You will also leverage AI-powered tools to enhance the efficiency and depth of security assessments. How You'll Succeed - Technical expertise: Deep domain knowledge across security engineering, threat modeling, cloud architectures, application security, and third-party risk management. Ability to use AI tooling to accelerate and improve security work. - Strategic thinking: Ability to develop reference architectures and integrate complex systems across on-premises and cloud environments, balancing security risk with business enablement. - Consultative approach: Provide expert security guidance to teams, stakeholders, and external vendors throughout assessment engagements, including evaluating and advising on the secure use of AI platforms. - Leadership: Lead technical initiatives and architecture reviews while mentoring junior security professionals. - Innovation: Actively promote cloud-native security patterns and the responsible adoption of AI technologies across teams. - Communication: Translate complex security concepts and technical risk findings into clear, business-friendly language for executive stakeholders and audiences with different technical backgrounds. Key Responsibilities - Develop and conduct threat modeling exercises across application, infrastructure, and cloud environments using established frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001) - Create and maintain security architectures and design patterns, including cloud and hybrid reference architectures - Conduct security architecture reviews for internal initiatives, new technologies, and third-party vendors. - Perform third-party security assessments, including vendor questionnaire reviews, SOC 2 evaluations, and risk acceptance documentation - Leverage AI tools and technologies to streamline assessment workflows, analyze vendor documentation, identify risk patterns, and improve assessment quality and consistency - Provide security consulting services across the organization, enabling business objectives while clearly communicating risk - Develop and document security best practices, standards, and guidance — including responsible AI tool usage in security workflows - Lead security briefings and workshops; mentor junior security engineers and drive adoption of security standards Your Basic Qualifications - High Schol Diploma/GED - Expertise in threat modeling and security architecture across cloud (AWS, Azure, GCP), SaaS, and hybrid environments - Experience in security consulting, risk assessment, and third‑party cyber risk management, including SOC 2 and HIPAA evaluations - 7+ years of experience in cybersecurity or a related field - Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization or visas for this role now or in the future, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1. What You Should Bring - Bachelor's degree in Computer Science, Information Security, or related field preferred - Experience with or willingness to adopt AI tools for document analysis, risk summarization, and pattern identification; understanding of AI/ML security considerations - Knowledge of Zero Trust principles and major security frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001) - Excellence in technical documentation and executive-level risk communication - Experience mentoring, collaborating across teams, and engaging stakeholders at varying levels of technical expertise - Project management and strategic planning skills - Commitment to continuous learning and professional development, including staying current on developments relevant to cybersecurity Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response. Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status. Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups. Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is $126,000 - $246,400 Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees. #WeAreLilly
Sr. Cybersecurity Engineer - Cloud
VisaVisa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid. At Visa, you'll have the opportunity to create impact at scale — tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world. Join Visa and do work that matters – to you, to your community, and to the world. Progress starts with you.
Company Description Founded by experienced entrepreneurs and engineers in 2016, Pismo is a technology company that provides a comprehensive processing platform for banking, card issuing and financial market infrastructure and helps customers innovate and build the next generation of banking and payment solutions. Pismo joined Visa in 2024. Leveraging Visa’s solutions, our core platform, and an expanding suite of capabilities, Pismo addresses the technological challenges that large banks, marketplaces, and fintech companies face in migrating from legacy systems to more advanced technology in the market. Pismo’s cloud-based platform empowers firms to build and launch financial products rapidly, scaling as they grow to have a broader audience while keeping high security and availability standards. Pismo’s 500+ employees are located in more than 10 countries around the world. Job Description The Cybersecurity Engineer – Cloud is responsible for designing, implementing, and operating security controls that protect cloud‑native platforms and workloads across public cloud environments (AWS, Azure, GCP). The role partners closely with engineering, DevOps, and architecture teams to ensure cloud services are secure by design, compliant with regulatory requirements, and resilient at scale. This position combines hands‑on engineering, security architecture, and risk‑based decision‑making within complex, distributed, and regulated environments. In addition to cloud security responsibilities, this role provides security oversight and engineering support for AI‑enabled capabilities used across the Pismo platform. The engineer ensures that adoption of Artificial Intelligence and Large Language Models (LLMs) is aligned with Visa security controls, Pismo data‑protection principles, and global regulatory expectations. This is a remote position. A remote position does not require job duties be performed within proximity of a Visa office location. Remote positions may be required to be present at a Visa office with scheduled notice. Qualifications Basic Qualifications: 5+ years of relevant work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD, OR 8+ years of relevant work experience. Preferred Qualifications Experience operating in regulated or high‑availability environments is strongly preferred. Multicloud Security Expertise (Core Requirement) Proven ability to design, review, and implement security controls across multicloud environments, including: Cloud Identity and Access Management (IAM), least‑privilege access, and workload identity Network segmentation, service‑to‑service authentication, and mTLS Cloud encryption models and key management (KMS, HSM, certificate authorities) Experience with Cloud Security Posture Management (CSPM) and misconfiguration detection. Understanding of cloud‑native logging, monitoring, and detection capabilities Infrastructure, Container & Platform Security Hands‑on experience securing: Kubernetes and container platforms Container image scanning and runtime security Infrastructure‑as‑Code (Terraform, CloudFormation, ARM) Ability to embed security controls into CI/CD pipelines and platform guardrails. Familiarity with configuration‑drift detection and continuous compliance. Application & Data Protection Strong understanding of: API security (OAuth/OIDC, token‑based auth) Application‑level encryption, tokenization, and hashing Data protection across storage, database, and file‑system layers Ability to support secure software development lifecycle (SSDLC) practices, including SAST, SCA, and SBOM Risk, Compliance & Governance: Working knowledge of security and compliance frameworks such as PCI DSS, ISO 27001, SOC 2, GDPR, or NIST. Ability to translate security findings into risk‑based recommendations for engineering and leadership. Experience partnering with architecture, risk, and compliance teams Tools, Technologies & Certifications (Preferred): Experience with cloud‑security tooling (e.g., CSPM, container security, IAM platforms). Cloud or security certifications are preferred but not mandatory, including: CCSK / CCSP AWS, Azure, or GCP Security certifications CISSP or equivalent Continuous learning mindset aligned with evolving multicloud security practices. Deep Knowledge of LLM Platforms (Mandatory) Demonstrated hands‑on and architectural knowledge of enterprise‑grade AI and LLM platforms, including: Anthropic Claude OpenAI (ChatGPT, GPT APIs, enterprise offerings) Comparable LLM providers and managed AI services This includes understanding: Platform security models and shared‑responsibility boundaries API‑based consumption vs managed SaaS usage Enterprise controls for data handling, logging, and access enforcement Additional Information Work Hours: Varies upon the needs of the department. Travel Requirements: This position requires travel 5-10% of the time. Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers. Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law. Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code. U.S. APPLICANTS ONLY: The estimated salary range for this position is 145,300.00 to 232,700.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program. - Job Family Group: Engineering and Technology
Principal Security Engineer
AspirionRevenue Cycle Management Services | Advanced Technology, Top Talent, Optimal Revenue Results
• Act as hands-on technical lead for Cloud Security engineering • Own the Cloud Security engineering roadmap and operating cadence • Provide hands-on technical leadership for security engineering initiatives end-to-end • Build and mature Zero Trust controls • Establish logging, detection, and response engineering • Lead technical incident response for cloud and identity events • Own cloud vulnerability management and secure configuration • Implement data security and governance controls • Drive endpoint and device security strategy • Own secure SDLC and CI/CD controls for cloud/platform delivery using GitHub • Own Cloud Security outcomes end-to-end • Partner with GRC/Compliance to translate requirements into implementable technical controls • Manage security tooling and service relationships • Establish the team’s operational model • Mentor and level-up engineers and administrators
Manager, Cybersecurity Fusion Center
Alkami TechnologyAlkami is the digital sales and service platform provider for financial institutions in the US.
• Lead, develop, mentor, and manage the activities of security analysts and individual contributors for the Alkami Cybersecurity Fusion Center team. • Execute and improve the core functions of the SOC, including threat detection and prevention, analysis, incident response, systems and network security monitoring, investigations, and data leakage prevention. • Oversee SIEM processes for monitoring, investigative techniques, use case development, monitoring dashboards, and health checks for optimization and assurance of logging all required devices. • Research, develop, and maintain industry knowledge of new tools, techniques, industry best practices (CIS, CSA, NIST), and process improvements for the detection, analysis, and response to new and emerging security threats. • Develop and publish security operational metrics and dashboards and provide input to departmental KPI's and performance goals. • Own and improve key operational measures including MTTD and MTTR, using those metrics to drive performance, process refinement, and team accountability. • Manage detection engineering priorities including alert tuning, use case development, detection coverage, and false positive reduction across core security platforms. • Maintain and operationalize threat intelligence feeds to improve detection logic, triage quality, and response effectiveness. • Participate as required during oversight activities by outside regulators, auditors, clients, and other stakeholders as appropriate. • Partner with senior members of the Offensive Security team to ensure focus on testing, verifying, and validating existing security controls. • Manage the vulnerability management program and partner across the organization to drive remediation, accountability, and risk reduction. • Ensure security analysts investigate and respond to cybersecurity incidents and alerts following established playbooks and documented procedures. • Drive continuous improvement of security playbooks, alerting logic, false positive reduction, and reporting to improve operational effectiveness. • Provide recommendations based on emerging threats, threat intelligence, and observed trends to improve Alkami’s defensive posture and response readiness. • Partner with Tier II analysts, Security Engineering, and other internal teams as necessary to diagnose problems, resolve time-critical issues, and improve response capability.




