Senior Security Engineer

The Senior Security Engineer will be responsible for building and maintaining robust security systems that protect January's data-driven debt collection platform and our customers' sensitive financial information. Working in a highly regulated fintech environment, you'll help ensure January remains the most secure and compliant platform for debt collection operations.

Our work centers on three key areas:

• Building products with security and privacy by design

• Protecting sensitive financial data across all systems and processes

• Enabling January's growth in the regulated financial services industry

Data Security & Privacy:

• Design and implement scalable data protection solutions, including encryption, tokenization, and data masking for financial data across our platform

• Support and enforce data classification, labeling, and handling policies aligned with financial regulations and business requirements

• Manage data loss prevention (DLP) systems and lead incident response for data exfiltration or unauthorized access events

• Collaborate with Engineering and Compliance teams to secure data at rest, in transit, and in use across AWS, Snowflake, S3, and PostgreSQL environments

Product Security:

• Partner with product and engineering teams to build secure authentication interfaces and access control mechanisms

• Evaluates and executes on opportunities that leverage AI to improve our security posture and processes

• Supports secure development of data and AI driven projects

• Build security-focused application primitives and integrate them into existing Python/JavaScript/TypeScript applications

• Design and deploy platform-level mitigations to common security vulnerabilities

• Lead remediation of security issues across our technology stack, collaborating with engineers to triage and fix vulnerabilities

Compliance & Risk Management:

• Perform risk assessments and threat modeling for data-related systems and financial workflows

• Partner with Compliance and Legal teams to ensure audit readiness for SOC 2, PCI-DSS, and financial regulatory requirements

• Monitor emerging security threats in the fintech space and recommend technical controls to mitigate risk

• Maintain detailed documentation of security architecture, standards, and controls

DevSecOps & Infrastructure:

• Integrate security controls into application and data development workflows

• Collaborate with Infrastructure teams to secure cloud-based systems and data stores

Required:

• Bachelor's degree in Computer Science, Cybersecurity, or related field, or equivalent work experience

• 7+ years of experience in cybersecurity with at least 2 years focused on data security or application security

• Hands-on experience with data protection technologies (encryption, DLP platforms, tokenization/masking tools)

• Strong understanding of financial data privacy regulations and security frameworks

• Experience with cloud platforms (AWS preferred) and securing cloud-based data stores (S3, RDS, Snowflake)

• Proficiency in Python, JavaScript, and secure coding practices

• Ability to write and review infrastructure-as-code (Terraform preferred) and scripting (Python, Bash)

• Excellent communication skills with ability to translate technical security risks into business language

• Self-motivated problem-solver who can work independently and manage competing priorities

Preferred:

• Experience with compliance frameworks including SOC 2, PCI-DSS, and financial services regulations

• Background in fintech, financial services, or other regulated industries

• Experience with authentication and authorization systems in customer-facing applications

• Familiarity with Node.js and PostgreSQL security best practices

• Previous experience in incident response and security operations