Senior Security Engineer

At January, we’re rebuilding consumer finance from the ground up. By personalizing interactions and optimizing decisions across all stages of consumer credit, we’re driving superior outcomes for both consumers and creditors, and making sure that credit is fair, accessible, and personal.

As a Senior Security Engineer, you'll set a new standard for security in an industry where trust is profoundly broken. Join at a rare inflection point: we've earned the hard-fought trust of leading financial institutions, and now you'll build the security foundation that scales this trust to tens of millions of consumers.

You'll architect dual trust — securing both consumer-facing experiences and bank-grade enterprise systems — while solving technical challenges that exist nowhere else: privacy-preserving data systems, multi-jurisdiction compliance automation, and AI-enabled decisioning. You'll shape security strategy and culture from the ground up with direct influence on company direction, proving your security work isn't overhead. It's the competitive moat that unlocks enterprise partnerships and enables market expansion.

• Embed security as a competitive advantage: Transforms January's security into product capabilities that banks choose us for, not just a compliance checkbox they tolerate. Unlocks Tier 1 partnerships and enterprise deals competitors can't close.

• Drive security-by-design across product and application development: Partners with product and engineering to identify and elevate critical risks before production, with deep focus on application security (frontend, Flask services, database). Embeds security into discovery and design while building secure-by-default patterns into development workflows. Accelerates product development through early engagement and clear guidance, not late-stage gate-keeping.

• Architect systems for bank-grade data protection: Designs and implements data classification, encryption, and access control meeting regulated client requirements. Establishes automated controls ensuring sensitive data never leaves authorized boundaries.

• Cultivate a security-first engineering culture: Influences engineering teams to adopt security-first thinking without sacrificing velocity. Leads incident response with clarity and urgency, ensuring January emerges from security events stronger through rigorous post-mortems.

• Scale compliance with minimal overhead: Maintains SOC 2, PCI-DSS, and financial compliance through automated systems. Builds infrastructure that auto-generates audit evidence and eliminates compliance bottlenecks.

• 6+ years in cybersecurity, 3+ years in application/data security or security engineering

• Hands-on building application-level security controls in cloud environments (AWS, Terraform, Snowflake)

• Track record implementing security that accelerates velocity, not blocks it

• Technical depth: secure coding (Python, JavaScript), infrastructure-as-code, CI/CD security

• Influences through partnership, decides rapidly despite uncertainty

• Translates technical trade-offs into business language

• Proficiency in common scripting and programming languages, such as Python, JavaScript, and Bash, is strongly preferred.

• Experience with compliance frameworks (SOC 2, PCI-DSS, bank security standards) preferred.

As a New York City-based company, we are dedicated to transparent, fair, and equitable compensation practices that reflect our commitment to fostering an environment where all team members are valued and supported. We encourage individuals from all backgrounds to apply.

We are an equal opportunity employer committed to diversity and inclusion in the workplace. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, age, veteran status, or any other legally protected characteristic.