Senior Security Engineer

Loancrate
Remote Remote - Unknown
$150k - $220k (est.) +18% vs avg
Posted Mar 02, 2026

About This Role

Key Technical Requirements and Skills:

  • Expertise in application security, cloud security, identity, and compliance
  • Proficiency in building and maintaining security tooling and automation (SAST/DAST, dependency scanning, container scanning, SBOM management, secret detection)
  • Experience in hardening AWS environments (IAM, VPC, secrets management, audit logging, DDoS protection)
  • Ownership of SOC 2 Type II program and incident response management
  • Establishing and maintaining a secure software development lifecycle

Team/Project Information:

  • The role is part of a remote fintech company, Loancrate, that builds AI-native tools to automate mortgage workflows.

Unique/Notable Aspects:

  • The Senior Security Engineer will lead and drive the company's overall security posture.
  • The role involves managing third-party and vendor security risk, as well as identity and access infrastructure.

Salary/

Loancrate is a remote fintech company that builds AI-native tooling to automate mortgage workflows. We're looking for a Senior Security Engineer to lead and drive our security posture, build security tooling and automation, and maintain a secure SDLC.

Requirements

  • Lead and drive Loancrate’s security posture across application security, cloud security, identity, and compliance
  • Perform regular threat modeling, vulnerability assessments, and penetration testing
  • Build and maintain security tooling and automation: SAST/DAST, dependency scanning, container scanning, SBOM management, and secret detection integrated into CI/CD
  • Harden our AWS environment: IAM, VPC boundaries, secrets management (AWS Secrets Manager), audit logging, GuardDuty, Security Hub, KMS key management, and DDoS protection
  • Own our SOC 2 Type II program - design practical controls, automate evidence collection where possible, manage the auditor relationship, and drive continuous improvement
  • Lead or coordinate incident response for security events - runbooks, postmortems, and clear communication to customers and leadership when needed
  • Establish and maintain a secure SDLC - lightweight design reviews, threat modeling in planning, and developer enablement (training, docs, examples) that scales
  • Maintain a risk register - tracking identified threats, ownership, and remediation status so nothing falls through the cracks
  • Partner with Operations on endpoint and device security: laptop hardening, MDM policy, hardware key rollout, and offboarding access revocation
  • Manage third-party and vendor security risk, including due diligence for new integrations and annual reviews of existing vendors
  • Own identity and access infrastructure: SSO, MFA enforcement (including hardware key policies), SCIM provisioning, and access reviews
  • Contribute to security documentation, internal runbooks, and team education - you make the secure path the easy path

Benefits

  • Generous Paid Time Off
  • 401k Matching
  • Retirement Plan
  • Relocation Assistance
  • Four Day Work Week
  • Generous Parental Leave
  • Tuition Reimbursement

Originally posted on Himalayas