Later
Senior Security Engineer
Rol remoto de Security Engineering con fit claro de ubicación del candidato.
Publicado12 jul 2026
Países elegibles2 países aceptados
Señal de senioritySenior
Modelo de trabajoRemoto
Ubicaciones aceptadas para candidatos
CanadáEstados Unidos
Resumen del rol
Senior Security Engineer
Requisitos y responsabilidades
Contenido del rol extraído en secciones para revisar más rápido.
What you'll be doing:
- Assess and continuously improve Later's overall security posture across applications, infrastructure, cloud environments, corporate systems, vendor tooling, and business workflows.
- Define and implement scalable security standards, best practices, and guardrails that support SOC 2 readiness through practical, automated, and auditable solutions.
- Partner with Engineering, Infrastructure, IT, Product, Legal, People, Finance, and business leaders to align security priorities with company goals, risk reduction, and delivery timelines.
- Translate SOC 2 and related compliance requirements into sustainable technical and operational controls, procedures, and evidence collection practices.
- Identify security gaps across the company, prioritize remediation efforts, and help teams make pragmatic, risk-based decisions.
- Support company-wide security awareness, secure operating practices, and adoption of security controls across business teams.
Technical Execution
- Build and maintain internal security tools, automation, and services that support secure development, compliance workflows, vulnerability management, corporate security operations, and operational visibility.
- Design and implement security controls within CI/CD pipelines, including secure build and deploy patterns, security scanning, dependency management, container scanning, and secret management.
- Support application security efforts, including secure design reviews, threat modeling, code review guidance, API security, microservices security patterns, and remediation planning.
- Improve cloud infrastructure and corporate systems security through hardening, monitoring, configuration review, Infrastructure-as-Code security scanning, access reviews, and secure operational patterns.
- Collaborate with technical and business teams to identify vulnerabilities and control gaps, explain impact clearly, and drive effective remediation.
- Strengthen security observability and response readiness through logging, alerting, detection engineering, incident response improvements, and company-wide security process maturity.
Collaboration & Enablement
- Partner with teams across the company to identify, understand, and fix security issues in a collaborative, non-blocking way.
- Provide pragmatic security guidance on designs, implementations, vendor tools, operational practices, and business workflows.
- Communicate security risks, tradeoffs, and recommendations clearly across technical and non-technical audiences.
- Embed security into development workflows, corporate systems, and company operating practices without slowing teams unnecessarily.
- Support SOC 2 and related compliance efforts through automation, well-defined controls, reliable evidence practices, and cross-functional coordination.
What success looks like:
- Within the first 90 days, you've completed a security posture assessment, identified the highest-priority gaps, and have a remediation roadmap that's been reviewed and socialized with key stakeholders across Engineering, IT, and Leadership.
- By 6 months, core SOC 2 controls are documented, automated where possible, and evidence collection is running reliably without manual heroics from any single team.
- Security is embedded into Later's CI/CD pipelines, with scanning, secret management, and container security integrated and maintained as a standard part of the development lifecycle.
- Teams across Engineering, IT, and the business have a clear point of contact for security questions, a shared understanding of the risk landscape, and security guidance that helps them move faster, not slower.
- Later's security observability has materially improved: logging, alerting, and detection coverage are in place, and the company has a documented, practiced incident response process.
What you bring:
- 5-7+ years of experience as a Security Engineer or Software Engineer with a strong security focus.
- Proven ability to build and operate production-quality software, automation, and internal tooling.
- Strong understanding of application security, infrastructure security, cloud security, secure CI/CD practices, and corporate security controls.
- Hands-on experience with vulnerability management, secure software development, threat modeling, remediation workflows, and operational security improvements.
- Experience with security frameworks and standards such as OWASP, NIST, CIS Controls, SOC 2, and ISO 27001, and the ability to apply them in production and business environments.
- Experience supporting SOC 2 compliance efforts through practical, automated, and auditable controls.
- Familiarity with cloud security platforms such as AWS Security Hub, Azure Security Center, or GCP Security Command Center.
- Experience with SIEM/SOAR tools, logging and monitoring platforms, detection workflows, and practical incident response processes.
- Experience with Infrastructure-as-Code security scanning for tools such as Terraform or CloudFormation.
- Ability to translate complex security concepts into clear, actionable guidance for technical and non-technical audiences.
- Experience collaborating closely with engineering, IT, compliance, and business teams to improve security outcomes.
- Familiarity with C#, modern backend systems, cloud-native architecture, and SaaS business tooling.
How you work:
- Driven by Impact: You deliver results that matter, prioritizing high-value work, meeting deadlines, and adapting quickly while keeping outcomes clear.
- Strategic & Customer-Centric: You anticipate risks and opportunities, connect decisions to long-term growth, and build trust through proactive insights.
- Curious & Growth-Oriented: You seek knowledge, ask sharp questions, and apply learnings fast, challenging the status quo with a mindset of improvement.
- Collaborative & Resilient: You thrive in change by staying resourceful, solution-focused, and positive, removing roadblocks, sharing insights, and keeping morale high.
- Accountable & Honest: You own your work, hold yourself and others to a high bar, and use transparent feedback to drive growth.
- Emotionally Intelligent: You build trust through empathy and collaboration, foster inclusion, and inspire others with grit, optimism, and integrity.
Roles similares
Mantén una lista de respaldo.
Stack
Usa estas tags para comparar roles remotos similares.
Elegibilidad de ubicación
Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.
Tu perfilPaís no definidoInicia sesión para comparar tu país con este rol.
Flujo de contratación
WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.
1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.