Staff Software Engineer, Security

About Super.com

We started Super.com to help maximize lives – both the lives of our customers and the lives of our team – so that everyone can experience all that life has to offer. For our employees, our promise is that Super.com is more than just a job; it’s an opportunity to unlock one’s potential, where learning is celebrated and impact is realized.

We are more than a fast-paced, high-growth tech company; we care about our people and take career progression seriously. This is your career and our aim is to supercharge it through the people, the work, and the programs that fuel who we are.

About the role

We're looking for a Staff level Security Engineer to join our Security & Privacy team. You'll act as a company-wide subject matter expert and key advocate for the security of our product. Along with executing individually, you'll directly manage and mentor a small group of engineers. You'll operate within an Agile team, collaborate with engineering and IT leadership to influence strategy, and be directly accountable  for meaningfully improving the security of our product. You’ll operate with significant autonomy when setting direction and executing on work.  You'll act as a technical mentor across the engineering organization to advance the company's security skills. This role is primarily a mix of strategic and hands-on work, with some people management responsibility, and  reports to the Senior Director of Infrastructure within the Engineering department, and collaborates closely with the Head of IT.

About the team

The Security & Privacy team at Super.com is a cross-functional Mission-Aligned-Team composed of both engineering and IT security professionals. We're responsible for application security, incident response, customer privacy, controls compliance, and security-operations. We work closely with product engineering to find and resolve vulnerabilities, leverage the latest in AI technologies, and act as the trusted point of contact for all security questions. 

About you 

You’re an experienced application Security Engineer with the technical depth and breadth to raise our security org to the next level. You thrive in fast, remote, ambiguous, high-initiative, high-ownership environments. You're interested in both defining strategy and executing on it. You’re capable of diving deep into architecture, code, and infrastructure to drive meaningful improvements. You’ve led or mentored other engineers and are comfortable being the company’s authority on technical security decisions. You communicate clearly, collaborate across teams, influence across functions, and have high standards for technical excellence. 

• Driving accountability and ownership of application security concerns company-wide, ensuring the resolution of findings, and meeting strategic objectives. 
• Directly manage 1-2 software security engineers including security interns.
• Identify, scope, prioritize, and often individually execute on high-impact security work. Mentor and unblock members of your team and core product software engineers outside the team.
• Architect complex security solutions and contribute to our long term security roadmap.
• Deliver continuous business value through AppSec, DevSecOps and other security project work. This includes coding, deployment, incident response, evangelization, and long term adoption.
• Act as a trusted point of contact for security questions and issues, owning the process of responding to and ensuring the remediation of security-related inquiries and incidents.
• Monitor industry trends and major security developments, ensuring we're quick to respond.

• We use a state of the art architecture powered by Node and Python microservices and React frontend
• We use Postgres for storage, Redis for caching, and Snowflake for our data warehouse
• We use Gitlab for version control and CI/CD, and our infrastructure is hosted on AWS, making use of Kubernetes, RDS, etc
• We invest heavily in monitoring and automated alerting using Datadog
• We use Amplitude, Hotjar, and LogRocket for client-side metrics and experimentation
• We use Material-UI and maintain our own component library, using Figma for mock-ups
• We integrate with a multitude of third-parties to support our compliance, risk, and security policies

• 8+ years experience in hands-on, senior, and highly autonomous security roles embedded in an engineering or software development related department.
• Hands-on experience securing web applications, designing secure solutions, and providing meaningful security feedback to engineering design documentation and code reviews.
• Have contributed meaningfully to company-level security strategy and owned security programs end-to-end (e.g., SDLC security, vulnerability management, threat modeling).
• Desire to directly manage and mentor a small group (1-3) of security software engineers.
• Have played a significant role in hiring for security professionals.
• Strong written and verbal communication skills.
• Experience working with functional leaders, product management, engineers, IT, and non-technical business staff.
• Independently executed on a broad range of security initiatives spanning infrastructure security, application security, and automating business controls.

• Bug Bounty or other Red-Team vulnerability hunting finds
• Recently worked at a fast-paced startup, scaleup, or B2C app-first company
• Deep familiarity with Datadog APM or other application insight tools
• Experience with our specific stack: AWS, Kubernetes, Python + FastAPI, React, Postgres, Kafka, Redis
• Experience with the fintech industry and its specific threats and regulations
• Experience acting as a thought leader regarding common IT Security concepts such as endpoint protection, SIEM best practices, and insider threat detection/prevention

At Super.com, we believe in supporting our team so they can thrive—both at work and in life.

-Remote-First Flexibility: Work from anywhere in the world and choose the hours that suit you best. We trust you to get great work done on your terms.

-Time to Recharge: Enjoy unlimited PTO, company-wide recharge days, and annual team offsites.

-Everyday Perks: Weekly UberEats credits and travel discounts on SuperTravel help you enjoy the little things.

-Family-Friendly Benefits: We support growing families with generous parental leave and a flexible return-to-work plan.

-Comprehensive Compensation: Competitive salary, equity options, and top-tier benefits starting on day one.

-Investing in You: Access to wellness budgets, personal development funds, and team-level learning resources.

And that’s just the beginning. Visit our careers page to explore the full range of perks and benefits we offer.

Super.com is an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Accommodations are available on request for candidates taking part in all aspects of the selection process. If needed, please notify our Talent Acquisition Partner.