Sr. Product Security Engineer

At Early Warning, we've powered and protected the U.S. financial system for over thirty years with innovative solutions like Zelle, Paze, and more. As a trusted leader in payments, we collaborate with thousands of institutions to enhance access to financial services and secure transactions for millions of consumers and small businesses.

Positions are available in Scottsdale, San Francisco, Chicago, or New York, following a hybrid work model to foster collaboration.

Candidates must be eligible to work in the U.S. independently, without visa sponsorship.

This role involves consulting with Project Management, Product Management, Product Development, and Engineering teams to develop and improve security in EWS products, aligning with industry standards. It is a highly technical position leading product security initiatives, mentoring team members, and collaborating closely with product teams to deliver secure, innovative products.

1. Lead development and implementation of application security architecture patterns, ensuring systems are within appropriate security zones based on data and purpose.
2. Develop threat models, design security architectures, and publish reference implementations to promote company-wide adoption.
3. Document and communicate risks impacting confidentiality, integrity, and availability, and develop mitigation solutions.
4. Drive the creation of security patterns and guardrails within software frameworks and technology stacks.
5. Design and implement security technologies and proof-of-concept security controls.
6. Integrate secure development lifecycle practices into product engineering processes.
7. Manage security analysis efforts for all internal products and services.
8. Own and enhance EWS DevSecOps security strategies, advocating for secure-by-default CI/CD pipelines.
9. Identify automation opportunities, develop integrations for security scans, and improve build and deployment pipelines.
10. Provide technical guidance on secure development and deployment practices.
11. Lead the implementation of DevSecOps methodologies, addressing security requirements.
12. Architect and implement deployment pipelines using tools like Gitlab and Harness, ensuring compliance with security frameworks.
13. Support risk management initiatives to protect system and data integrity and confidentiality.

• Bachelor's degree in Computer Science, Engineering, Math, or Physical Science.
• At least 6 years of related experience in application security, security architecture, consulting, or IT/security roles.
• Experience designing security for cloud-hosted products and containerized workloads.
• Proven ability to implement security solutions balancing risk and business needs.
• Background in application development or software security, with expertise in threat modeling and control implementation.
• Deep knowledge of operating systems, applications, networks, and database security architectures.
• Familiarity with integrating security into CI/CD pipelines and automation tools.
• Hands-on experience with cloud security technologies, Kubernetes, encryption, threat management, and IaC.
• Ability to work with technical and business stakeholders to design secure solutions.
• Proficiency in programming languages such as Java, C/C++, or Python.

• Over 2 years of experience with DevSecOps tools like Gitlab, Harness, and container security.
• More than 4 years in DevOps, Product Security, or cybersecurity domains, including vulnerability management and system hardening.
• Certifications such as CEH, CISSP, CSSLP, GWEB, GCSA, CKS, AWS Solutions Architect, or similar recognized credentials.
• Experience with security testing tools (SAST, SCA, runtime testing).
• In-depth knowledge of cloud architectures (GCP, AWS, Azure), virtualization, and enterprise security standards.
• Experience supporting products through lifecycle stages as a Product Security SME.
• Strong understanding of threat modeling, cryptography, authentication, and authorization.
• Proficiency with automation in DevOps and CI/CD pipelines, and enterprise architecture collaboration.
• Ability to prioritize, work independently, and navigate highly automated environments.

Note: The above description is not exhaustive. Employees may perform other duties as assigned.

Work is primarily sedentary, involving extensive computer use, sitting, and occasional physical activity. Must be able to lift 10 pounds and communicate effectively. The role requires the ability to perform essential functions with or without reasonable accommodation.

The salary range is $160,000 - $185,000 annually, depending on location and experience. Compensation includes potential bonuses and benefits.