Self Financial, Inc.Remote
Senior Information Security Engineer
United States of America
Full-time
3 weeks ago
$100,000 - $148,000 USD
No H1B
Key skills
Application securityVulnerability managementSOC 2 compliancePCI complianceGitLab SASTSecure software developmentRisk assessmentThird-party vendor assessmentsCloud-native architecturesSecurity certificationsCommunication skillsCollaboration skillsGitLabCommunication
About this role
Self Financial is a venture-backed, high-growth FinTech company with a mission to increase economic inclusion and financial resilience by empowering people to build credit and build savings. The Senior Information Security Engineer is responsible for owning application security across all Self products, protecting customer data, ensuring compliance with SOC 2 and PCI requirements, and collaborating with engineering teams to manage security risks throughout the software development lifecycle.
Responsibilities:
- Own end-to-end application security for all Self products
- Conduct and manage vulnerability scanning, triage, and remediation tracking using security tools (e.g., SAST)
- Partner closely with engineering and product teams to remediate critical security findings
- Lead and perform third-party vendor security reviews and risk assessments
- Support SOC 2 and PCI compliance efforts, including audit preparation and evidence collection
- Identify application-level security risks and recommend mitigation strategies
- Help embed secure-by-design practices into product development processes
- Monitor emerging application security threats and recommend appropriate controls
Requirements:
- Strong experience in application security, product security, or software security engineering
- Experience with application security scanning using GitLab SAST
- Hands-on experience with vulnerability management tools and remediation workflows
- Knowledge of secure software development practices and common application vulnerabilities
- Experience supporting or operating within SOC 2 and PCI compliance environments
- Ability to partner effectively with engineering teams to drive security outcomes
- Strong risk assessment, prioritization, and communication skills
- Experience performing third-party vendor security assessments
- Familiarity with cloud-native application architectures
- Prior experience in fintech, regulated industries, or environments handling sensitive customer data
- Security certifications (e.g., CISSP, CSSLP, GWAPT) or equivalent experience