OLarry is shaping the future of tax by integrating technology with tax expertise to enhance service delivery. They are seeking a software engineer who is passionate about automation and AI, with the goal of evolving into a security ownership role, focusing on quality assurance and compliance within the engineering team.
Responsibilities:
- Build AI-assisted testing workflows across our backend services, web apps, and integrations — generating, reviewing, and expanding coverage rather than writing every test by hand
- Own and mature our CI quality gates: what runs on every PR, what blocks a merge, what blocks a release — and keep raising the bar as the codebase grows
- Grow our end-to-end test coverage and kill flaky tests before the team learns to ignore them
- Turn recurring bugs and production issues into automated checks
- Evaluate AI-generated code and tests for correctness, maintainability, and security, and continuously improve the team's AI-assisted engineering workflows
- Review product changes for common security and privacy risks: authn/authz, access control, secrets, data exposure, injection, dependency risk
- Run our vulnerability workflows: dependency scanning, secret scanning, static analysis, triage, and remediation tracking
- Partner with engineers on secure defaults for sensitive customer data — tax documents, identity data, financial records — across services, storage, and third-party integrations
- Introduce lightweight threat modeling for new features while they're still on the whiteboard
- Partner with engineering leadership to build the technical foundations for SOC 2 readiness: controls, evidence collection, access reviews, incident response, and change management
- Help us meet the obligations that come with tax data (GLBA Safeguards Rule, IRS Publication 4557)
- Mature our secure development lifecycle and become the engineer the team trusts to balance speed with security and quality — helping teams ship safely rather than creating unnecessary friction
Requirements:
- Roughly 4–8 years of software engineering, test automation, or SDET experience with strong coding ability and comfort reading production code
- Real experience with automated testing and CI/CD: you've designed test strategy for a live product, not just executed someone else's
- Practical knowledge of modern web application security basics OWASP-level familiarity with auth, secrets, access control, injection, and dependency risk
- Heavy, genuine AI-tool usage for coding, testing, reviewing, or automation as a default, not an experiment — and you can show us
- Genuine interest in security and compliance, even if you haven't owned those areas before. Wanting to own an area — not just implement tickets — is the core of this role
- Startup judgment: you improve systems without creating unnecessary process, and you ship process improvements the way engineers ship code small, fast, iterated
- Clear communication with engineers, founders, and non-technical stakeholders
- Experience with modern test automation frameworks, static analysis and dependency-scanning tools, and mainstream CI/CD platforms
- Exposure to SOC 2 or similar compliance frameworks, access reviews, audit logs, or security questionnaires, at any depth
- Experience in fintech, tax, healthcare, or another trust-sensitive domain
- Experience testing AI-assisted or AI-generated code
- You write scripts and internal tools without being asked