Senior Information Security Engineer

About Us

We are a leader in fraud prevention and AML compliance. Our platform uses device intelligence, behavior biometrics, machine learning, and AI to stop fraud before it happens. Today, over 300 banks, retailers, and fintechs worldwide use Sardine to stop identity fraud, payment fraud, account takeovers, and social engineering scams. We have raised $145M from world-class investors, including Andreessen Horowitz, Activant, Visa, Experian, FIS, and Google Ventures.

Our Culture

We have hubs in the Bay Area, NYC, Austin, and Toronto. However, we maintain a remote-first work culture. #WorkFromAnywhere We hire talented, self-motivated individuals with extreme ownership and high growth orientation. We value performance and not hours worked. We believe you shouldn't have to miss your family dinner, your kid's school play, friends get-together, or doctor's appointments for the sake of adhering to an arbitrary work schedule.

Location

Remote - US (From Home / Beach / Mountain / Cafe / Anywhere!) We are a remote-first company with a globally distributed team. So you can find your productive zone and work from there

About the Role

We are seeking a highly motivated and experienced Information Security Engineer to join our growing team. In this role, you will be a critical defender of our infrastructure, responsible for building, maintaining, and operating the security systems that protect our company. You will tackle a wide range of security challenges, from ensuring regulatory compliance to responding to sophisticated threats, making a direct impact on the trust and safety of our platform.

What You'll Do

• Security Operations: Day-to-day management of security tools and systems; monitor security alerts, triage events, and escalate as necessary.
• Incident Response & Forensics: Act as a key member of the incident response team, leading technical investigation, containment, and eradication of security incidents. Conduct forensic analysis as needed.
• PCI Compliance: Drive and maintain our PCI DSS compliance program, working with auditors and internal teams to ensure all requirements are met.
• Vulnerability Management: Manage the lifecycle of vulnerabilities from discovery to remediation, utilizing scanning tools, prioritizing risks, and tracking patching efforts.
• Security Control Testing: Design and execute tests to validate the effectiveness of security controls and recommend improvements.
• Penetration Testing: Coordinate and/or perform penetration tests against applications, infrastructure, and networks to identify security weaknesses.
• Audit & Logging: Define audit logging requirements across our technology stack and conduct regular reviews of logs to detect anomalous or malicious activity.
• Threat Modeling: Proactively identify and assess threats to our applications and infrastructure by building and maintaining threat models.
• Secure Configuration: Develop and enforce security configuration standards and baselines for servers, cloud services, and endpoints.
• Architectural Review: Partner with engineering teams to review system architecture and new features, providing security guidance and ensuring secure-by-design principles are followed.

What You'll Bring

• 7+ years of hands-on experience in an information security or cybersecurity role.
• Demonstrated experience with PCI DSS standards, controls, and audit processes.
• Strong knowledge of vulnerability management principles and experience with tools like Nessus, Qualys, or OpenVAS.
• Proven experience in security operations, including hands-on experience with SIEM, EDR, and other security monitoring tools.
• Solid understanding of network security principles (e.g., firewalls, VPNs, IDS/IPS) and TCP/IP networking.
• Experience securing cloud environments such as AWS and GCP.
• Familiarity with incident response frameworks and experience handling security incidents.
• Proficiency in at least one scripting language (e.g., Python, Bash, PowerShell) for automation.

Compensation

• Salary: $150K - $175K
• Employment Type: FullTime