DevSecOps Engineer

Coast is re-imagining the trillion-dollar U.S. B2B card payments infrastructure, with a focus on the country’s 500,000 commercial fleets, 40 million commercial vehicles, and many million commercial drivers. The incumbent technologies that cater to these customers are decades old, and drivers, fleets, and the merchants that serve them all increasingly demand modern digital experiences and affordable and transparent financial services products. Coast's mission is to deliver them at a transformational scale, and to improve working lives in one of the country’s biggest industry sectors. The company is backed by top fintech and mobility venture funds.

Coast is competing and winning with software, and we are building a world-class engineering team. This is a unique opportunity to get in on the ground level early on, contribute in myriad ways, drive foundational decisions and expand your impact as the business grows, have fun, and learn a ton in the process. If you’re practical and business-minded, smart and creative, and excited about the rewards and the energy of an early-stage venture-backed startup, we’d love to hear from you.

The DevSecOps Engineer is our first explicitly security-focused hire. In this role you will be an early member of the Platform Engineering organization, and help us mature a critical part of Coast. We value speed and flexibility, but accept the need for high standards for compliance and security. Doing it well is critical for our ability to execute.

Working directly with an enthusiastic and invested product team, you will help us stay on top of a wide array of areas, from network security and least-privilege permissions in the cloud to rationalizing our SIEM and code scanning posture, from partner information requests to SOC2 compliance, from vendor risk management to supply chain security. At the end of the day, we want to establish “paved paths” that allow us to minimize friction while ensuring security of our software. The role will work closely with the Compliance team, our General Counsel, and the CTO; this role reports to the Head of Platform.

We are hiring in NYC and the tri-state area only. Our NYC office is located in the heart of Manhattan’s SoHo neighborhood, benefiting from its vibrant creative energy. The whole company is in the office on average 4 days a week.

The DevSecOps Engineer will:

• Hold a high bar for security standards and help us establish best practices;
• Influence design and implementation of all aspects of our product, by acting as a sounding board and SME for our product managers and engineers;
• Work with our compliance team to ensure that we are able to successfully respond to requests from our partners and maintain our SOC2 certification;
• Improve scanning to ensure that risks in our codebase and cloud environment are identified, assessed, and remediated in a timely manner;
• Organize our permissioning system to ensure that the right people have appropriate access, and unnecessary people don’t;
• Help shape the engineering culture of the company by championing security practices;
• Maintain comprehensive documentation of the security infrastructure, policies, and procedures;
• Remain relentlessly pragmatic and balance the product velocity demand with the needs of a secure platform.

The DevSecOps Engineer must:

• Have 3+ years experience working with first-class engineering teams with a proven track record of continually improving their employer’s security posture;
• Have experience working directly with product engineers to incrementally improve our practices;
• Be proficient at automating tooling, whether it be using the shell or (preferably) a programming language such as Python or Javascript;
• Have experience with one of Terraform/CloudFormation/Pulumi/CDK since we treat our infrastructure as code;
• Deep hands-on knowledge and experience developing in the cloud (preferably AWS), especially IAM and SIEM, but also AWS networks;
• Be able to figure stuff out - the modern security space is deep and complex, and there are many ways of solving the same problem. You need to be able to go off on your own, research and design a solution, implement technical spikes, and then deliver it with the team;
• Have an owner mindset and continuously look for, notice, and implement improvements to our posture, because small continuous improvements matter;
• Keep a finger on the pulse of the industry - latest risks, trends in CICD, networking, phishing protections, and vendor landscape.

Compensation

Our salary ranges are based on paying competitively for our size and industry, and are one part of our total compensation package that also includes benefits, signing bonus, and equity. Pay decisions are based on a number of factors, including scope and qualifications for the role, experience level, skillset, and balancing internal equity relative to other Coast employees. We expect the majority of the candidates who are offered roles at Coast to fall healthily within the range based on these factors.

• Salary range: $110,000 - $130,000 annually
• Signing bonus
• Equity grant: commensurate with level determined at the discretion of the company, with meaningful potential upside given the company’s early stage
• Benefits overview:
• Medical, dental and vision insurance
• Flexible paid time off (vacation, personal well being, paid holidays)
• Tools to help manage your financial wellness, including webinars, access to an equity tax advisory service, and company-sponsored 401(k)
• Paid parental leave
• $400 accessories allowance (a keyboard, mouse, headphones, etc.)
• Education stipend
• Free lunch every Friday

About Coast

Coast is re-imagining the trillion-dollar U.S. B2B card payments infrastructure, with a focus on the country’s 500,000 commercial fleets, 10 million commercial vehicles, and 4 million commercial drivers.

Coast is founded and led by Daniel Simon, who previously cofounded Bread (breadpayments.com), a leading payments and credit technology firm backed by some of the world’s top VCs which was acquired for $500MM+ in 2020.

Coast has raised $165M in total funding — our recent $40M Series B equity round was led by ICONIQ Growth with participation from Thomvest, and Synchrony.We're also backed by top fintech and mobility venture funds – including Accel, Insight Partners, Better Tomorrow Ventures, Avid Ventures, Bessemer Venture Partners, BoxGroup, Foundation Capital, Greycroft, Colle – and premier angel investors – including Max Levchin (Affirm), Josh Abramowitz (Bread), Jason Gardner (Marqeta), William Hockey (Plaid), Ryan Petersen (Flexport), and many others.

Check out our CEO's recent podcast interview with Primary Venture Partners and last year’s product/market deep dive on Fintech Layer Cake with Coast Founder Daniel Simon!

Coast is committed to diversity, equity, and inclusion. We are building a diverse and inclusive environment, so we encourage people of all backgrounds to apply. We’re an Equal Opportunity Employer and do not discriminate on the basis of race, color, gender, sexual orientation, gender identity or expression, age, religion, disability, national origin, protected veteran status, or any other status protected by applicable federal, state, or local law.