Lead Security Engineer

Job DescriptionJob Description

Apply here: https://careers.jumpapp.com/35160

Hey there! We are Jump, AI for Financial Advisors. We are growing super fast, have a culture of kindness and ownership, and we’re looking for someone who is absolutely obsessed with security take ownership of it here at Jump.

About you

• You love security. It’s what you are all about and you are very very good at it.

• You are very motivated and proactive and can get a lot done every day.

• You love coding and are excited to learn Elixir. You really want to find and fix security vulnerabilities in an Elixir/Phoenix codebase.

• You are very pleasant to work with and people feel better about themselves after interacting with you.

What you’ll do

• Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.

• Analyze, fix, and test vulnerabilities.

• Do code reviews, audit and analyze source code for vulnerabilities.

• Monitor the security industry for new developments.

• Evaluate, recommend, and implement security tools and technologies to improve our application security posture.

• Conduct threat modeling exercises for new and existing applications and systems.

• Ensure systems and processes adhere to relevant security standards, regulations (e.g., ISO 27001, SOC 2, GDPR, HIPAA), and internal policies.

• Implement and manage security controls for cloud environments (e.g., AWS, GCP), including and access management (IAM), network security, and data protection.

• Maintain comprehensive documentation for security processes, tools, and configurations.

What success looks like after 12 months

• Major vulnerabilities are found

• SOC 2 Type II report continues to be delivered with zero high‐risk exceptions.

• Mean‐time‐to‐detect (MTTD) < 15 min and mean‐time‐to‐resolve (MTTR) < 2 hrs for priority‐1 security events.

• ≥ 90 % of employees complete annual security training and phishing tests.

• Security is a documented, automated part of CI/CD (build fails on critical vulns).

• Our largest enterprise customers cite security as a strength in renewals.

You might be a fit if you

• Have 5+ years hands‐on security engineering in cloud‐ (AWS/GCP/Azure) product environments.

• Can demonstrate end‐to‐end ownership of at least one compliance framework (SOC 2, ISO 27001, HIPAA, PCI DSS, etc.).

• Are fluent in modern DevSecOps tooling (Terraform, Kubernetes, GitHub Actions, OIDC/OAuth).

• Write code well enough to build internal tooling or fix a critical bug (we use Elixir & Terraform).

• Communicate complex risks in plain to engineers, execs, and customers.

• Are comfortable being a “team of one” at first and progressively hiring/mentoring teammates.

Nice‐to‐haves: experience with multi‐tenant data isolation, SAML/SCIM integrations, or selling to regulated industries (FinTech, HealthTech, GovTech).

Compensation & benefits

Base salary: $170 k – $260 k USD

Benefits: Health/dental/vision, 401k (no match yet)

Time‐off: Flexible PTO with manager approval

Gear: Top‐spec laptop, stipend for home office/security hardware

Hiring process (2–3 weeks total)

1. Homework assignment — Takes about 1hr

2. Intro call (30 min) — with CTO.

3. Paid Trial week — Come work with us for a week and see how you like it

4. Team member intros & Reference checks

5. Offer

Other info:

• We buy the subscriptions you need (Cursor.ai, ChatGPT, etc)

• We’re a small and efficient dev team

• We’re growing gangbusters. All revenue-backed, super low churn.

• Raised a $20M Series-A a few months ago

• HQ based in SLC, Utah

• Remote friendly, must be based in the USA