Senior Information Security Engineer

Who we are:

We are a leader in fraud prevention and AML compliance. Our platform uses device intelligence, behavior biometrics, machine learning, and AI to stop fraud before it happens. Today, over 300 banks, retailers, and fintechs worldwide use Sardine to stop identity fraud, payment fraud, account takeovers, and social engineering scams. We have raised $145M from world-class investors, including Andreessen Horowitz, Activant, Visa, Experian, FIS, and Google Ventures.

Our culture:

• We have hubs in the Bay Area, NYC, Austin, and Toronto. However, we maintain a remote-first work culture. #WorkFromAnywhere

• We hire talented, self-motivated individuals with extreme ownership and high growth orientation.

• We value performance and not hours worked. We believe you shouldn't have to miss your family dinner, your kid's school play, friends get-together, or doctor's appointments for the sake of adhering to an arbitrary work schedule.

Location:

• Remote - US (From Home / Beach / Mountain / Cafe / Anywhere!)

• We are a remote-first company with a globally distributed team. So you can find your productive zone and work from there

About the role

We are seeking a highly motivated and experienced Information Security Engineer to join our growing team. In this role, you will be a critical defender of our infrastructure, responsible for building, maintaining, and operating the security systems that protect our company. You will tackle a wide range of security challenges, from ensuring regulatory compliance to responding to sophisticated threats, making a direct impact on the trust and safety of our platform.

What you’ll do

• Security Operations: Day-to-day management of security tools and systems; monitor security alerts, triage events, and escalate as necessary.

• Incident Response & Forensics: Act as a key member of the incident response team, leading technical investigation, containment, and eradication of security incidents. Conduct forensic analysis as needed.

• PCI Compliance: Drive and maintain our PCI DSS compliance program, working with auditors and internal teams to ensure all requirements are met.

• Vulnerability Management: Manage the lifecycle of vulnerabilities from discovery to remediation, utilizing scanning tools, prioritizing risks, and tracking patching efforts.

• Security Control Testing: Design and execute tests to validate the effectiveness of security controls and recommend improvements.

• Penetration Testing: Coordinate and/or perform penetration tests against applications, infrastructure, and networks to identify security weaknesses.

• Audit & Logging: Define audit logging requirements across our technology stack and conduct regular reviews of logs to detect anomalous or malicious activity.

• Threat Modeling: Proactively identify and assess threats to our applications and infrastructure by building and maintaining threat models.

• Secure Configuration: Develop and enforce security configuration standards and baselines for servers, cloud services, and endpoints.

• Architectural Review: Partner with engineering teams to review system architecture and new features, providing security guidance and ensuring secure-by-design principles are followed.

What you’ll bring

• 7+ years of hands-on experience in an information security or cybersecurity role.

• Demonstrated experience with PCI DSS standards, controls, and audit processes.

• Strong knowledge of vulnerability management principles and experience with tools like Nessus, Qualys, or OpenVAS.

• Proven experience in security operations, including hands-on experience with SIEM, EDR, and other security monitoring tools.

• Solid understanding of network security principles (e.g., firewalls, VPNs, IDS/IPS) and TCP/IP networking.

• Experience securing cloud environments such as AWS and GCP.

• Familiarity with incident response frameworks and experience handling security incidents.

• Proficiency in at least one scripting language (e.g., Python, Bash, PowerShell) for automation and analysis.

• Excellent communication and interpersonal skills, with the ability to effectively interact with technical and non-technical stakeholders.

Compensation: Base pay range of $105,000 - 135,000 USD + Series-C equity with tremendous upside potential + Attractive benefits

The compensation offered for this role will depend on various factors, including the candidate's location, qualifications, work history, and interview performance, and may differ from the stated range.

Benefits we offer:

• Generous compensation in cash and equity

• Early exercise for all options, including pre-vested

• Work from anywhere: Remote-first Culture

• Flexible paid time off, Year-end break, Self care days off

• Health insurance, dental, and vision coverage for employees and dependents - US and Canada specific

• 4% matching in 401k / RRSP - US and Canada specific

• MacBook Pro delivered to your door

• One-time stipend to set up a home office — desk, chair, screen, etc.

• Monthly meal stipend

• Monthly social meet-up stipend

• Annual health and wellness stipend

• Annual Learning stipend

• Unlimited access to an expert financial advisory

Join a fast-growing company with world-class professionals from around the world. If you are seeking a meaningful career, you found the right place, and we would love to hear from you.

To learn more about how we process your personal information and your rights in regards to your personal information as an applicant and Sardine employee, please visit our Applicant and Worker Privacy Notice.