Requirements

• You Put Customers First, Always. You care deeply about delivering meaningful value. Whether you're building internal systems or customer-facing features, you're always thinking about how to make life better for our users
,
• You Act Like an Owner. You take responsibility for outcomes, step up to challenges, and seek solutions proactively—doing what’s best for the business, not just your role
,
• You Think Big and Move Fast. You’re energized by building from 0 to 1. You’re not afraid to challenge the status quo, experiment quickly, and learn as you go
,
• You Constantly Learn and Grow. You’re hungry to improve your craft and open to feedback. You bring a growth mindset to everything you do
,
• You Raise the Bar. You care about doing things well and efficiently. You balance speed with rigor and always look for ways to improve how we work
,
• You Win as a Team. You’re a generous collaborator who values communication, context, and shared wins. You lift others up and help make the team stronger
,
• Strong background in security, authentication, infrastructure, and cloud technologies, including vulnerability management and threat detection/remediation
,
• Familiarity with integrating security practices into CI/CD pipelines, ideally using tools such as Buildkite
,
• Understanding of Infrastructure as Code (IaC) security, particularly with Terraform
,
• Knowledge of compliance frameworks such as SOC 2 and ISO 27001
,
• Experience with risk assessment and management in cloud environments, as well as network monitoring and intrusion detection/prevention
,
• Hands-on experience with vulnerability scanning tools and methods for identifying, prioritizing, and remediating vulnerabilities
,
• Strong grasp of common security vulnerabilities (e.g., OWASP Top Ten) and security testing techniques
,
• Experience with Auth0 and Okta for user management, SSO, and MFA
,
• Familiarity with implementing and managing IAM policies, RBAC, and user lifecycle best practices
,
• Experience securing PostgreSQL databases (access control, encryption, auditing)
,
• Proficiency in Python for scripting, automation, and API integrations, including developing and maintaining security automation tools
,
• You can explain complex technical problems in simple terms, adapting your communication for different stakeholders
,
• You understand the business context and how your role supports the company’s vision and strategy
,
• You’re strategic yet detail-oriented, capable of balancing long-term goals with immediate tactical execution
,
• You ruthlessly prioritize competing demands and manage multiple responsibilities effectively
,
• You’re curious and committed to continuous learning, seeking to understand the “why” behind every solution and engaging thoughtfully in technical discussions
,
• You adapt quickly to change and maintain focus in a dynamic, evolving environment
,
• At Float, you’ll thrive if you’re bold, curious, and eager to make a real impact. We're building something special—and having a lot of fun along the way. If you’re excited to build, grow, and win together, we’d love to meet you

What the job involves

• At Float, everyone is an owner, bringing their unique perspective to our team and product
,
• Your voice is important, and we take having a culture based on feedback seriously
,
• We openly share our thoughts and differing opinions so we can continue to improve
,
• We do our best to keep our decision-making decentralized so that all team members feel ownership in our success
,
• Float is building modern financial tools for businesses, and security is at the heart of earning customer trust
,
• As a Senior Security Engineer, you’ll help us build and enforce the guardrails that let Float ship fintech features faster and with confidence
,
• You’ll lead initiatives that turn “tooling installed” into controls enforced and measured, working hands-on across Float’s infrastructure tool stack.
,
• This role combines technical depth with a builder’s mindset
,
• You’ll design secure patterns for infrastructure and application teams, automate evidence for PCI DSS 4.0 and SOC 2, and reduce risk through practical, measurable controls
,
• You’ll partner closely with Platform, Engineering, IT, and Risk & Compliance to make security part of how Float operates every day
,
• Owning and improving AWS and GitHub security guardrails, including IAM, OIDC, network segmentation, and CI/CD hardening
,
• Leading automation for vulnerability management and cloud posture using our security tools and infrastructure-as-code
,
• Partnering with developers to embed secure SDLC practices, including dependency scanning, secret management, and threat modeling for high-risk features
,
• Helping mature endpoint and identity security while ensuring full coverage and strong baselines
,
• Tuning and expanding detection and response capabilities, developing playbooks, alert pipelines, and response automation
,
• Contributing to evidence automation for PCI DSS 4.0 and SOC 2, ensuring “compliance by default.”
,
• Championing security metrics that matter: coverage, time-to-remediate, and control effectiveness

• Competitive coverage of medical, dental and vision insurance for employees
,
• Education & learning stipend for personal growth and development
,
• Flexible vacation time
,
• Work from home stipend to help you succeed in a remote environment