SIEM & SecOps Dashboard: Stand up and operate our SIEM. Build out the SecOps dashboard that gives engineering, compliance, and leadership a real-time picture of our security posture — alerts, anomalies, auth events, infrastructure changes, and audit-ready evidence in one place. Internal Penetration Testing: Run continuous internal pentests against Coinflow services, APIs, infrastructure, and embedded SDKs. Use Claude Security and Claude Code to scale your coverage — automate reconnaissance, fuzzing, code review, and exploit development. Document findings, drive remediation, and measure mean-time-to-fix. Vulnerability & Dependency Management: Own the vulnerability lifecycle end-to-end. Triage CVEs across our npm, cargo, and other ecosystems. Build the automation that keeps packages patched without breaking production — including Dependabot tuning, lockfile hygiene, and gated auto-merge for low-risk upgrades. Secure Development Lifecycle: Monitor and improve how we ship code. Define secure-by-default patterns for new services, review threat models for high-risk changes, integrate SAST/DAST/secret scanning into CI, and make the secure path the fast path for engineers. Compliance Partnership: Work alongside our compliance function to produce the evidence, controls, and monitoring artifacts that PCI DSS, SOC 2, ISO 27001, and DORA auditors need — without turning engineering into a paperwork shop.
4+ years in a security engineering, product security, or DevSecOps role, ideally at a fintech, payments company, or other regulated environment Strong hands-on offensive skills — you've broken real systems, not just run scanners. Comfortable with web app, API, cloud, and infrastructure pentesting Production experience operating a SIEM (Datadog, Splunk, Elastic, Panther, or similar) and building dashboards that engineers actually use Fluency in TypeScript/Node and at least passing comfort with Rust, Go, or Python — enough to read our code, find bugs in it, and write the tooling to find more Experience with vulnerability management at scale: CVE triage, SCA tooling, dependency upgrade automation Comfort working with AI-native tooling (Claude Code, Claude Security, or similar) as a daily driver — or genuine excitement to start A bias toward shipping. We'd rather have a working v1 of a control today than a perfect v3 next quarter.
The base salary range for this role is $145,000 to $195,000 USD. The actual base salary offered depends on a variety of factors, including but not limited to experience, education, skills, qualifications and business needs. In addition, the employee who fills this role will be eligible for an equity grant, allowing you to share in the long-term success of the company. You will also have access to a wide array of benefits, in
Map For Jobs — Web3行业的求职地图