Senior Information Security Engineer

Who we are:

We are a leader in fraud prevention and AML compliance. Our platform uses device intelligence, behavior biometrics, machine learning, and AI to stop fraud before it happens. Today, over 300 banks, retailers, and fintechs worldwide use Sardine to stop identity fraud, payment fraud, account takeovers, and social engineering scams. We have raised $145M from worldclass investors, including Andreessen Horowitz, Activant, Visa, Experian, FIS, and Google Ventures.

Our culture:

• We have hubs in the Bay Area, NYC, Austin, and Toronto. However, we maintain a remotefirst work culture. #WorkFromAnywhere

• We hire talented, selfmotivated individuals with extreme ownership and high growth orientation.

• We value performance and not hours worked. We believe you shouldnt have to miss your family dinner, your kids school play, friends gettogether, or doctors appointments for the sake of adhering to an arbitrary work schedule.

• Location:

  • Remote US (From Home Beach Mountain Cafe Anywhere!)

  • We are a remotefirst company with a globally distributed team. So you can find your productive zone and work from there

  • About the role

    We are seeking a highly motivated and experienced Information Security Engineer to join our growing team. In this role, you will be a critical defender of our infrastructure, responsible for building, maintaining, and operating the security systems that protect our company. You will tackle a wide range of security challenges, from ensuring regulatory compliance to responding to sophisticated threats, making a direct impact on the trust and safety of our platform.

    What you’ll do

    • Security Operations: Daytoday management of security tools and systems; monitor security alerts, triage events, and escalate as necessary.

    • Incident Response & Forensics: Act as a key member of the incident response team, leading technical investigation, containment, and eradication of security incidents. Conduct forensic analysis as needed.

    • PCI Compliance: Drive and maintain our PCI DSS compliance program, working with auditors and internal teams to ensure all requirements are met.

    • Vulnerability Management: Manage the lifecycle of vulnerabilities from discovery to remediation, utilizing scanning tools, prioritizing risks, and tracking patching efforts.

    • Security Control Testing: Design and execute tests to validate the effectiveness of security controls and recommend improvements.

    • Penetration Testing: Coordinate andor perform penetration tests against applications, infrastructure, and networks to identify security weaknesses.

    • Audit & Logging: Define audit logging requirements across our technology stack and conduct regular reviews of logs to detect anomalous or malicious activity.

    • Threat Modeling: Proactively identify and assess threats to our applications and infrastructure by building and maintaining threat models.

    • Secure Configuration: Develop and enforce security configuration standards and baselines for servers, cloud services, and endpoints.

    • Architectural Review: Partner with engineering teams to review system architecture and new features, providing security guidance and ensuring securebydesign principles are followed.

    • What you’ll bring

      • 7+ years of handson experience in an information security or cybersecurity role.

      • Demonstrated experience with PCI DSS standards, controls, and audit processes.

      • Strong knowledge of vulnerability management principles and experience with tools like Nessus, Qualys, or OpenVAS.

      • Proven experience in security operations, including handson experience with SIEM, EDR, and other security monitoring tools.

      • Solid understanding of network security principles (e.g., firewalls, VPNs, IDSIPS) and TCPIP networking.

      • Experience securing cloud environments such as AWS and GCP.

      • Familiarity with incident response frameworks and experience handling security incidents.

      • Proficiency in at least one scripting language (e.g., Python, Bash, PowerShell) for automation and analysis.

      • Excellent communication and interpersonal skills, with the ability to effectively interact with technical and nontechnical stakeholders.

      • Compensation: Base pay range of $105,000 135,000 USD + SeriesC equity with tremendous upside potential + Attractive benefits

        The compensation offered for this role will depend on various factors, including the candidates location, qualifications, work history, and interview performance, and may differ from the stated range.

        Benefits we offer:

        • Generous compensation in cash and equity

        • Early exercise for all options, including prevested

        • Work from anywhere: Remotefirst Culture

        • Flexible paid time off, Yearend break, Self care days off

        • Health insurance, dental, and vision coverage for employees and dependents US and Canada specific

        • 4% matching in 401k RRSP US and Canada specific

        • MacBook Pro delivered to your door

        • Onetime stipend to set up a home office — desk, chair, screen, etc.

        • Monthly meal stipend

        • Monthly social meetup stipend

        • Annual health and wellness stipend

        • Annual Learning stipend

        • Unlimited access to an expert financial advisory

        • Join a fastgrowing company with worldclass professionals from around the world. If you are seeking a meaningful career, you found the right place, and we would love to hear from you.

          To learn more about how we process your personal information and your rights in regards to your personal information as an applicant and Sardine employee, please visit our Applicant and Worker Privacy Notice.