Affinipay, LLC

Information Security Engineer

Austin, TX, US

Remote
Full-time
3 days ago

Summary

The Security Engineer will focus on ensuring the security and integrity of AffiniPay's systems by working closely with IT Operations, Sales, and Privacy teams. This role will be responsible for improving security operations within AWS environments, providing technical leadership in incident response, data protection, and security best practices. The SE will also assist with product security initiatives, providing thought leadership for continuous improvement and supporting data privacy initiatives, such as DLP, data mapping, and classification. This role will require experience in incident, problem, and change management, and will work closely with other engineering teams to ensure seamless security integration across systems.

What You'll Do

* AWS Security Operations
  * Manage and maintain security across AffiniPay's AWS infrastructure, focusing on identifying vulnerabilities, reviewing security findings, and recommending areas of improvement to protect sensitive data and maintain compliance.
* Technical Leadership & Mentorship
  * Provide technical guidance and mentorship to the team of Information Security practitioners, offering strategic insight on operational security, cloud security, and application security. Lead efforts to mature the security posture across systems.
* Collaboration & Product Security
  * Work with IT Operations and Sales teams to support product security questions, provide security guidance for customer engagements, and ensure product innovations meet strict security standards.
* Data Privacy & Protection
  * Collaborate with the Privacy Operations team to assist with data mapping, data loss prevention (DLP), data scanning, and data classification efforts. Support ongoing initiatives to ensure the security and privacy of sensitive data and compliance with privacy regulations.
* Incident Response & Forensics
  * Lead incident response activities, including investigation, forensic analysis, and remediation of security incidents. Ensure that the incident response process aligns with best practices and business objectives.
* Process Improvement & Service Maturation
  * Evaluate technical solutions to business challenges, provide thought leadership to drive continuous improvements, and establish comprehensive system documentation. Support project management through status reporting and change management processes, representing changes via the Change Advisory Board (CAB).
* Secure Development Lifecycle Integration
  * Collaborate with Dev teams during the architecture and design phases to embed secure coding practices. Perform threat modeling, secure code reviews, and guide remediating vulnerabilities uncovered by tools like Snyk, GitHub secret scanning, and ASV scans. Collaborate with the Security-focused Quality Engineer to define and validate application-layer security controls. Provide input into secure test planning, support test case prioritization based on compliance obligations (PCI, SOC 2, HIPAA), and ensure that identified vulnerabilities are remediated, tested, and closed out in accordance with business risk tolerances.
* Security Tooling and Automation
  * Maintain and tune security tooling (e.g., Snyk, CrowdStrike, AWS Security Hub/GuardDuty). Integrate findings into Jira for tracking and support prioritization workflows with Engineering.
* Policy, Governance, and Risk Management
  * Collaborate with the Compliance team to define security policies, participate in control reviews for audits (SOC 2, PCI), and contribute to the organization's risk register by identifying, escalating, and mitigating technical security risks.
* M&A and New Product Integration
  * Participate in due diligence and onboarding efforts for M&A targets and new product initiatives. Guide risk posture, data handling, and architectural security design.

About You

* 5-7 years of experience in security engineering or related roles, with a focus on cloud security, incident response, and data protection.
* Hands-on experience with AWS security, including vulnerability management, security operations, and cloud security best practices.
* Experience leading technical teams, guiding efforts across Incident, Problem, and Change Management frameworks.
* Strong experience in incident response and forensics, with proven skills in managing security breaches and mitigating risks.
* Certifications such as CISSP, CISM, CISA, CCSP, GSEC, or CEH are preferred.

Preferred Skills & Competencies

* Cloud Security Expertise
  * Deep understanding of AWS cloud infrastructure, with the ability to secure cloud assets, monitor systems, and remediate vulnerabilities efficiently
* Secure SDLC & CI/CD Experience
  * Proven experience integrating security into modern DevOps and CI/CD pipelines (e.g., GitHub Actions, Jenkins, CircleCI)
  * Familiarity with security tools like Snyk, GitHub Advanced Security, Trivy, or SonarQube, with the ability to triage, prioritize, and remediate code vulnerabilities across multiple languages
  * Ability to define security gates, write custom rules or policies, and collaborate with Engineering to enforce pipeline controls without disrupting velocity
  * Experience generating and maintaining SBOMs and ensuring OSS components are tracked for licensing and vulnerability exposure
* Infrastructure Security & Cloud Engineering Integration
  * Deep familiarity with securing AWS environments, especially around IAM, networking, and monitoring (CloudTrail, GuardDuty, Security Hub)
  * Ability to review Terraform/IaC templates, evaluate for security misconfigurations, and influence DevOps to integrate least privilege and audit-friendly configurations
  * Understanding of AWS Key Management Service (KMS), encryption at rest and in transit, and service hardening best practices
* Communication
  * Ability to communicate complex security issues effectively to technical and non-technical stakeholders, including Sales, Privacy, and IT Operations teams
  * Must have strong skills in translating security risks into business language
* Cross-Functional Engineering Enablement
  * Comfortable acting as a bridge between InfoSec, Dev, DevOps, and Product teams, translating risk and compliance requirements into engineering solutions
  * Experience contributing to or leading threat modeling exercises, working upstream with architecture and design teams
* Mentorship & Leadership
  * Strong ability to mentor junior engineers, providing guidance on technical security issues, best practices, and strategic initiatives
* Data Protection & Privacy
  * Experience supporting data privacy initiatives, including DLP, data classification, and compliance efforts related to SOC 2, PCI DSS, and HIPAA

Key Outcomes for Success

* Enhanced AWS Security Posture
  * Improve security monitoring, vulnerability detection, and remediation within AWS, ensuring the environment is hardened against threats and aligned with compliance requirements
* Secure CI/CD Pipelines
  * Establish and monitor security controls in CI/CD workflows, including vulnerability gating, secrets scanning, and pipeline hardening for all core services and brands
* Infrastructure Security Maturity
  * Drive adoption of AWS Security Hub, IAM least privilege, and remediations identified in platform-level security scans (e.g., header injection, TLS cipher updates)
* Code Risk Reduction
  * Lead Snyk-based remediation efforts, ensuring 95%+ resolution of critical vulnerabilities within SLA and proactive communication with Engineering stakeholders
* Incident Response Leadership
  * Lead and enhance AffiniPay's incident response efforts, ensuring timely and effective responses to security events while minimizing disruption to business operations
* Data Privacy Alignment
  * Collaborate with Privacy Operations to ensure that data mapping, DLP, and data classification initiatives are successful in safeguarding sensitive information and meeting compliance requirements
* Cross-Functional Security Guidance
  * Provide critical security expertise to Sales, IT Ops, and other teams, ensuring that AffiniPay's products and services meet the highest security standards and are prepared for market challenges.
