🛠 Tech Stack

💼 About This Role

You'll own vulnerability management end-to-end on a three-person security team and be the security partner for every department adopting AI. Your core impact will be keeping patching, scanning, and remediation cycles ahead of an industry curve where time-to-exploitation has collapsed. You'll also integrate LLM-based code review into the CI/CD pipeline for a venture-backed fintech company.

🎯 What You'll Do

• Triage and coordinate remediation of vulnerabilities across SAST, SCA, DAST, CSPM, etc.
• Integrate LLM-based code review into the CI/CD pipeline.
• Act as security point of contact for teams adopting AI tools and agents.
• Define and maintain guardrails for enterprise AI use.
• Run internal penetration testing, red team exercises, and threat hunting.

📋 Requirements

• 3+ years of hands-on security experience in vulnerability management, appsec, or pentesting
• Operating proficiency with SAST, SCA, DAST, and external reconnaissance tooling
• Hands-on AWS cloud security with Kubernetes and container security
• Working knowledge of CI/CD pipelines and security gate integration

✨ Nice to Have

• Experience evaluating or securing AI/ML tools in an enterprise setting
• CISSP or OSCP certification
• Familiarity with AI-specific risks (prompt injection, OWASP LLM Top 10)

🎁 Benefits & Perks

• 🏥 100% employer-paid health and dental premiums
• 📈 Employee stock option plan
• 🍱 Bi-weekly catered lunches and Friday bar
• 🚗 $20/day commuter benefit for HQ days
• 🌴 Annual retreats and social calendar

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

1. 1Phone Screen· 30 min
2. 2Technical Interview· 1 hour
3. 3Team Interview· 1 hour
4. 4Offer· 1 week

🚩 Heads Up

• Three-person security team may lead to burnout
• Requires AI tool usage daily, which might not suit all candidates
• Multiple responsibilities spanning vuln management, AI, pentesting, vendor security