DevSecOps Engineer

Posted 2 Hours Ago
Hiring Remotely in Lenexa, KS, USA
In-Office or Remote
Senior level
Fintech • Machine Learning • Payments • Social Impact • Software • Financial Services
TrueML is a fintech company building software to create positive experiences for consumers seeking financial health.
The Role
Lead integration of security across the SDLC by building secure CI/CD pipelines with automated SAST/SCA/DAST/IaC/container scanning, hardening AWS cloud (EKS/ECS/Lambda), securing IaC (Terraform/CloudFormation), automating compliance and remediation, conducting threat modeling, and defining generative-AI security standards while partnering with engineering.
Summary Generated by Built In
Why TrueML?

TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when it comes to managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real time in response to their interactions. 

The TrueML team includes inspired data scientists, financial services industry experts and customer experience fanatics building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavoring toward ensuring nobody gets locked out of the financial system.

What you will do

    Position Summary

    We are seeking a Sr. Security Engineer to lead the integration of security across the software development lifecycle (SDLC). This role sits at the intersection of engineering, cloud infrastructure, and application security, driving automation, scalability, and secure-by-default development practices.

    You will design and implement security-first CI/CD pipelines, embed automated security testing, and partner with engineering teams to ensure applications are built, deployed, and operated securely—at scale.

    Key Responsibilities

    Security Automation & CI/CD Integration (Core Focus)

    • Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI, Azure DevOps)

    • Design and maintain automated security workflows across build, test, and deploy stages

    • Implement security gates, policy enforcement, and compliance checks within pipelines

    Cloud Security (AWS Focus)

    • Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)

    • Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)

    • Enforce least privilege access, secrets management, and runtime protections

    Own Cloud Security: Define and maintain security policies for our AWS environment, specifically focusing on containerized workloads (EKS/ECS) and serverless architectures (Lambda).

    Automate Compliance: Move beyond manual checks by building real-time monitoring and automated remediation for AWS resources, ensuring we stay "audit-ready" for frameworks like PCI and ISO 27001.

    Lead Threat Modeling: Perform deep-dive threat modeling exercises on applications and designs, turning theoretical risks into actionable engineering plans.

    Innovate with AI: Stay at the forefront of the industry by developing security standards for Generative AI. You’ll leverage AI-powered tools to explore our attack surface while defending against AI-driven threats.

    Guard the Infrastructure: Secure our Infrastructure as Code (IaC) templates (Terraform/CloudFormation) and manage cloud primitives like IAM, KMS, and WAF to ensure a "least privilege" environment.

What you bring

  • An Experienced Defender: You bring 7-10 years in software engineering, DevOps, or cloud engineering, 3+ years in a DevSecOps-focused role, and a deep mastery of cloud security, vulnerability analysis, and incident response.
  • A Cloud Specialist: You have demonstrable expertise in the AWS ecosystem and are highly proficient in securing Infrastructure as Code (Terraform) and containerized environments.
  • Certified and Credentialed: You hold top-tier industry certifications (such as CISSP, SANS GIAC, or CASP) and have a firm grasp of compliance frameworks like PCI and ISO 27001.
  • Technically Versatile: You are familiar with OWASP, proficient with modern security tooling, and have the ability to secure complex API integrations and data protection layers.
  • AI-Aware: You understand the evolving landscape of AI regulations and have the technical curiosity to investigate how threat actors use AI to bypass traditional controls.
  • A Strategic Partner: You are a natural collaborator who can translate complex InfoSec projects into simple, maintainable tasks for Engineering teams.
  • An Elite Communicator: You can propose strategic methodologies to tackle legacy security debt and convince stakeholders of the business value of security-first design.

    Core Skills & Capabilities

    • Deep expertise in CI/CD pipelines (GitHub Actions, Jenkins)

    • Strong hands-on experience with AWS cloud security

    • Proficiency in application security tooling and integration

    • Experience with container security (Docker, Kubernetes)

    • Strong scripting/programming skills (Python, JavaScript)

    • Understanding of modern DevSecOps and shift-left security practices

    • Excellent collaboration skills across engineering, security, and DevOps teams

What We Offer (Perks & Benefits)
  • Flexible vacation

  • Medical/dental/vision insurance

  • Traditional/Roth retirement savings options

  • Company-paid disability and life insurance

  • Flexible Spending Account & Limited FSA

  • Family-friendly parental leave, volunteer and voting time off

  • On-demand wellness platform access for you and 5 friends and family

  • PerkSpot discount program for 900+ merchants nationwide

Remote Work, Travel Expectations & Physical Requirements:

This role supports a global, cross-functional business and operates primarily in a Remote-First environment. However, flexibility outside of standard business hours and occasional local or international travel may be necessary for global operations support, company meetings, training, offsites, and collaborative projects.

This position primarily involves computer-based work, requiring extended periods at a computer, participation in virtual meetings, and use of standard office technology. We will consider reasonable accommodations to enable individuals to perform the essential functions of the role.

Maintaining a reliable internet connection and a professional work environment is expected. The ability to protect confidential company, employee, customer, and business information while working outside of a company office is also required.

Personally Identifying Information

We collect personal information for employment purposes. We do not sell personal information. Most of the information we have is provided to us by you and/or collected as part of the employment process. For more details on how we use, share, and delete personal information see our Privacy Policy.


Dedication to Diversity & Inclusion

We are an equal opportunity employer. We promote, value, and thrive with a diverse and inclusive team. Different perspectives contribute to better solutions, and this makes us stronger every day. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected characteristics.

Skills Required

  • 7-10 years in software engineering, DevOps, or cloud engineering
  • 3+ years in a DevSecOps focused role
  • Deep mastery of cloud security, vulnerability analysis, and incident response
  • Demonstrable expertise in AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway)
  • Experience securing Infrastructure as Code (Terraform, CloudFormation)
  • Hands-on experience embedding security into CI/CD (GitHub Actions, Jenkins, GitLab CI, Azure DevOps)
  • Proficiency with application security tooling (SAST, SCA, DAST) and container security tools
  • Experience with CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud)
  • Experience with container technologies and orchestration (Docker, Kubernetes)
  • Strong scripting/programming skills (Python, JavaScript)
  • Familiarity with OWASP and securing APIs/data protection
  • Knowledge of compliance frameworks such as PCI and ISO 27001
  • Experience with secrets management, IAM, KMS, WAF and least-privilege enforcement
  • Experience performing threat modeling and translating risks into engineering plans
  • Industry certifications (CISSP, SANS GIAC, or CASP)


TrueML Compensation & Benefits Highlights

  • Healthcare Strength: Medical, dental, and vision coverage are offered with multiple plan options, including HSA‑eligible choices, alongside FSAs and employer‑paid life, AD&D, and short/long‑term disability. Wellbeing resources such as a 24/7 EAP and a wellness coaching app further bolster the health package.
  • Leave & Time Off Breadth: Paid time off is described as generous or unlimited with paid holidays and volunteer days, and a remote‑friendly setup supports flexibility in taking time away. Paid parental leave for birth or adoption is also included.
  • Wellbeing & Lifestyle Benefits: Perks include a home‑office stipend, retailer discounts via PerkSpot, travel assistance, and recognition rewards, complementing core benefits. These additions support day‑to‑day convenience and remote productivity.

TrueML Insights


The Company
450 Employees
Year Founded: 2013

What We Do

TrueML makes financial technology that prioritizes customer experience and revolutionizes the experience of consumers seeking financial health. We’re a team of inspired data scientists, financial services industry experts, and customer experience fanatics creating experiences that serve people in a way that recognizes their unique needs and preferences as human beings and endeavoring to ensure nobody gets locked out of the financial system. After more than 10 years in business, TrueML is excited to be expanding its footprint internationally. We are a growing, geographically diverse team with employees in 30 U.S. states and 7 different countries, with our key talent hub in LATAM. If you’re looking for an opportunity to do impactful work, join TrueML and make a difference alongside hundreds of other inspired individuals.

Why Work With Us

Our functional teams are a diverse mix of employees from different backgrounds and geographies, with each individual bringing unique perspectives and experiences that encourage increased innovation in our products and services. Join TrueML and make a difference alongside hundreds of other inspired individuals doing impactful work.


TrueML Offices

Remote Workspace

Employees work remotely.

TrueML is excited to be a remote-first company with team members across the US, Canada, and several countries in LATAM (Mexico, Argentina, Dominican Republic, and Costa Rica). Our teams frequently digitally collaborate & socialize across borders.

Typical time on-site:
US
Argentina (Remote Hub)
Mexico (Remote Hub)
Dominican Republic (Remote Hub)
San Francisco, CA
Costa Rica (Remote Hub)
