Lead Security Engineer

Hey there! We are Jump, AI for Financial Advisors. We are growing super fast, have a culture of kindness and ownership, and we’re looking for someone who is absolutely obsessed with security take ownership of it here at Jump.

About you

• You love security. It’s what you are all about and you are very very good at it.
• You are very motivated and proactive and can get a lot done every day.
• You love coding and are excited to learn Elixir. You really want to find and fix security vulnerabilities in an Elixir/Phoenix codebase.
• You are very pleasant to work with and people feel better about themselves after interacting with you.

What you’ll do

• Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.
• Analyze, fix, and test vulnerabilities.
• Do code reviews, audit and analyze source code for vulnerabilities.
• Monitor the security industry for new developments.
• Evaluate, recommend, and implement security tools and technologies to improve our application security posture.
• Conduct threat modeling exercises for new and existing applications and systems.
• Ensure systems and processes adhere to relevant security standards, regulations (e.g., ISO 27001, SOC 2, GDPR, HIPAA), and internal policies.
• Implement and manage security controls for cloud environments (e.g., AWS, GCP), including identity and access management (IAM), network security, and data protection.
• Maintain comprehensive documentation for security processes, tools, and configurations.

What success looks like after 12 months

• Major vulnerabilities are found
• SOC 2 Type II report continues to be delivered with zero high‑risk exceptions.
• Mean‑time‑to‑detect (MTTD) < 15 min and mean‑time‑to‑resolve (MTTR) < 2 hrs for priority‑1 security events.
• ≥ 90 % of employees complete annual security training and phishing tests.
• Security is a documented, automated part of CI/CD (build fails on critical vulns).
• Our largest enterprise customers cite security as a strength in renewals.

Nice‑to‑haves: experience with multi‑tenant data isolation, SAML/SCIM integrations, or selling to regulated industries (FinTech, HealthTech, GovTech).

Compensation & benefits

Base salary: $170 k – $260 k USD

Benefits: Health/dental/vision, 401k (no match yet)

Time‑off: Flexible PTO with manager approval

Gear: Top‑spec laptop, stipend for home office/security hardware

Hiring process (2–3 weeks total)

• Homework assignment — Takes about 1hr
• Intro call (30 min) — with CTO.
• Paid Trial week — Come work with us for a week and see how you like it
• Team member intros & Reference checks
• Offer

Other info:

• We buy the subscriptions you need (Cursor.ai, ChatGPT, etc)
• We’re a small and efficient dev team
• We’re growing gangbusters. All revenue-backed, super low churn.
• Raised a $20M Series-A a few months ago
• HQ based in SLC, Utah
• Remote friendly, must be based in the USA

• Have 5+ years hands‑on security engineering in cloud‑native (AWS/GCP/Azure) product environments.
• Can demonstrate end‑to‑end ownership of at least one compliance framework (SOC 2, ISO 27001, HIPAA, PCI DSS, etc.).
• Are fluent in modern DevSecOps tooling (Terraform, Kubernetes, GitHub Actions, OIDC/OAuth).
• Write code well enough to build internal tooling or fix a critical bug (we use Elixir & Terraform).
• Communicate complex risks in plain language to engineers, execs, and customers.
• Are comfortable being a “team of one” at first and progressively hiring/mentoring teammates.