Senior Security Operations Engineer

About the Company:

Xformative Payment Systems is seeking a hands-on Senior Security Operations Engineer to help secure and scale our platform. XPS is at the cutting edge of the Fintech industry, specializing in cloud-native payment processing solutions. XPS is a late stage start up that was conceptualized, established, and owned by Total Administrative Systems Corp (TASC) a benefit TPA to offer card based and payment product capabilities associated with healthcare and benefits. The business has new leadership and is entering its growth phase and will be expanding beyond its current markets.

At XPS, every member of our small, agile team can drive and create impactful work. Our flexible and fully remote work setup allows you to balance your professional and personal life seamlessly while contributing to our exciting growth journey.

Position Summary:

The Senior Security Operations Engineer will own day-to-day security operations across our cloud infrastructure and application workloads while partnering closely with our CTO and Information Security & Risk Officer. We’re looking for someone who not only identifies risks, but actively helps solve them through automation, collaboration, and implementation.

Position Responsibilities: 

1. Detect, Protect, and Respond (Hands-On Security Operations)

1. Own day-to-day security operations for AWS-based cloud and serverless workloads including threat detection, alert triage, incident response, forensics, and post-incident learning.
2. Build and tune detections and automations (SIEM rules, SOAR/runbooks, detection-as-code) to reduce MTTA/MTTR and eliminate noisy alerts.

2. Secure our delivery pipelines & runtime

1. Harden CI/CD and software supply chain, and drive “secure by default” patterns in our SDLC.
2. Lead cloud/serverless hardening (IaC reviews, policy-as-code, least privilege IAM design, network segmentation).

3. Raise the bar across the organization (beyond prod)

1. Partner with DevOps and Engineering teams to evolve identity & access, endpoint/EDR posture.
2. Coordinate vulnerability management end-to-end: scanning, prioritization, remediation, and reporting.
3. Contribute to security governance (policies, standards, tabletop exercises, BCP/DR inputs) and support compliance efforts (e.g., SOC 2/PCI DSS).

4. Influence, automate, and measure

1. Build security tooling and integrations for engineers, acknowledging that ease of use and low friction will encourage adoption and adherence.
2. Define metrics/KPIs and regularly communicate risk & progress to engineering and leadership.
3. Mentor engineers on secure design and champion a positive, enablement-first security culture.
4. Participate in architecture and threat modeling discussions to identify security risks early in the design process.

Positional Competencies:

1. Strong programming skills (Node, Typescript).
2. Expertise in system administration, networking, and operating systems (Linux/Unix).
3. Proficient in automation tools (Github Actions, Cloudformation, Terraform, Serverless, AWS SDK).
4. Knowledge of AWS monitoring and logging tools such as Cloudwatch, CloudTrail, SecurityHub, GuardDuty. etc.
5. Exceptional attention to detail with a preference for highly structured procedures.
6. Solid grasp of CI/CD security, supply-chain risks, and IaC (Terraform) security reviews.
7. Strong incident response skills across detection, investigation, containment, and recovery especially in complex cloud-native environments.

Qualifications: 

1. Bachelor’s degree in computer science, engineering, or a related field, or equivalent experience in a similar role within the technology sector.
2. Applicants must be authorized to work in the U.S. 
3. 5 or more years of large-scale distributed system development.
4. Minimum of 3 years’ fintech experience, or equivalent experience with regulated environments with compliance requirements (e.g., SOC2, PCI DSS)
5. Minimum of 5 years working in Security Operations/Cloud Security/Blue Team roles, with deep, hands-on experience in AWS (IAM/GuardDuty/CloudTrail/CloudWatch).
6. Practical expertise with SIEM/log analytics, EDR, and secrets management (e.g., Vault).
7. Experience with cloud platforms (AWS preferred, GCP, Azure) and containerization technologies (Docker, ECS).
8. Experience with CI/CD pipelines and tools (Github Actions)
9. Willingness to participate in a shared on-call rotation for security incidents

CORPORATE CORE COMPETENCIES:

1. Drive Action & Results

1. Take on new opportunities with enthusiasm
2. Achieve results even in tough circumstances
3. Take personal accountability for decisions and actions

2. Adapt to Change

1. Operate effectively when things are uncertain
2. Proactively acquire and evaluate information and adapt approach to match shifting demands/situations
3. Rebound from setbacks 

3. Embrace Innovation

1. Create new and better ways to approach challenges and develop solutions 
2. Learn through experimentation
3. Encourage feedback and seek opportunities to work better/smarter/faster
4. Show personal commitment and take action to continuously improve

4. Create Diversity & Foster Collaboration

1. Actively bring, seek, engage, and honor diverse perspectives
2. Identify and address barriers to inclusion to ensure equity and center belonging
3. Work collaboratively and build partnerships to meet shared objectives

PHYSICAL REQUIREMENTS:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While this is primarily a sedentary role, the employee is regularly required to talk and hear. The employee is also required to sit, stand; walk; use hands to finger, handle or feel; and reach with hands and arms. Specific vision abilities required by this job include close vision, depth perception and the ability to adjust focus.