Sr. Product Security Engineer

At Early Warning, we've powered and protected the U.S. financial system for over thirty years with cutting-edge solutions like Zelle, Paze, and more. As a trusted name in payments, we partner with thousands of institutions to increase access to financial services and protect transactions for hundreds of millions of consumers and small businesses.

Positions are located in Scottsdale, San Francisco, Chicago, or New York, following a hybrid work model to promote collaboration.

Candidates must independently possess the eligibility to work in the United States without Visa sponsorship.

This position collaborates with Project Management, Product Management, Product Development, and Engineering teams to enhance security in EWS products and services, aligning with industry standards. It is highly technical, leading Product Security initiatives, mentoring team members, and partnering with product teams to deliver secure, innovative products.

1. Lead development and implementation of application security architecture patterns, ensuring systems are correctly secured based on data and purpose.
2. Develop threat models, design security architectures, and promote their adoption across the company.
3. Document and communicate risks and security issues, assisting in mitigation strategies.
4. Drive and develop security patterns, guardrails, and technology integrations into software frameworks.
5. Design and implement security technologies, proof of concepts, and controls.
6. Integrate secure development lifecycle practices into product engineering.
7. Manage security analysis efforts for internally developed products and services.
8. Own and enhance EWS DevSecOps security strategies and posture, advocating for secure CI/CD pipelines.
9. Identify automation opportunities, develop integrations for security scans, and improve build/deploy pipelines.
10. Provide technical guidance on secure development and deployment practices.
11. Lead DevSecOps implementation efforts, addressing security requirements.
12. Architect and implement deployment pipelines using tools like Gitlab and Harness, ensuring compliance with security policies (ISO, PCI, OWASP, NIST).
13. Support risk management initiatives to protect system and data integrity.

• Bachelor's degree in Computer Science, Engineering, Math, or Physical Science.
• At least 6 years of related experience in application security, security architecture, consulting, or IT/security roles.
• Experience designing security for cloud-hosted and containerized workloads.
• Proficiency in security solutions addressing risk trade-offs, application security, threat modeling, and security architectures.
• Hands-on experience with cloud security technologies, Kubernetes, encryption, threat management, and infrastructure as code.
• Knowledge of programming languages such as Java, C/C++, Python.

• Over 2 years of experience with DevSecOps tools like Gitlab, Harness, container security.
• More than 4 years in DevOps, Product Security, or cybersecurity domains, with relevant certifications (e.g., CISSP, GWEB, GCSA, CKS).
• Deep understanding of cloud architectures (GCP, AWS, Azure), virtualization, threat modeling, cryptography, and authentication.
• Experience supporting products through lifecycle stages as a Product Security SME.
• Ability to work independently, prioritize, and implement security frameworks in automated environments.

Additional details about physical requirements, compensation, benefits, and equal opportunity policies are included in the full description.