Staff Security Engineer

Codat helps banks, FI's and fintechs create stronger, data-driven relationships with their business customers. Our platform makes it easy for banks to access, synchronize, and interpret data from customers' financial software, enabling critical use cases such as supplier onboarding for commercial card and virtual card programs, accounting automation and underwriting business loans.

We empower the world's largest financial institutions, banks and fintechs to grow their share of wallet, reduce churn, and scale operations efficiently. Codat is backed by leading investors, including JP Morgan, Canapi Ventures, Shopify, Plaid, Tiger Global, PayPal Ventures, Index Ventures, and American Express Ventures.

We are looking for a Staff Security Engineer to lead and shape security across our product, platform, and infrastructure. You'll own the end-to-end security lifecycle, from vulnerability management and secure development practices to cloud defense and client assurance. This role combines strategic oversight with hands‑on execution and collaboration across engineering, product, compliance, and customer teams.

• Lead vulnerability management, triage bug bounty reports, overseeing penetration tests.
• Drive security into the development lifecycle, including: threat modeling, SecureSDLC, and CI/CD hardening.
• Own code repository and infrastructure security, ensuring access controls and least privilege.
• Manage DNS, SSL, and Cloudflare configurations, including WAF and DDoS protections.
• Monitor and respond to alerts through SIEM and DLP tools.
• Partner with the Information Security Director to deliver on contractual security requirements, attestations and audits.
• Assess third‑party supplier security posture and ensure compliance with SOC2/ISO27001.
• Enable client-facing security features (SSO, mTLS, Auth0 best practices).
• Maintain public and internal security documentation and provide compliance evidence to clients/auditors.

• Extensive experience in application, cloud, and infrastructure security.
• Strong knowledge of CI/CD, SecureSDLC, and modern DevOps practices.
• Expertise in identity and access management, network security, and cloud platforms.
• Familiarity with SOC2/ISO27001 or similar compliance frameworks.
• Exceptional communication skills for engaging both technical teams and clients.

• Experience in the .net ecosystem (ideally C#).
• Understanding of IaC including terraform.
• CEH/CREST or similar penetration testing certification.
• Experience working in Azure/AWS SaaS environments