Open role

Security Engineer

San Francisco, CA (On-site) · Full-time

As a Security Engineer, you will take charge of protecting Methodic’s platform and data. This includes performing security reviews, implementing safeguards, and ensuring compliance with relevant security standards. Our clients trust us with sensitive financial data and transactions, so security is a non-negotiable priority. You’ll work across the stack to identify vulnerabilities, recommend improvements, and foster a security-first mindset throughout the team.

Responsibilities

Conduct regular security audits of our application (code and infrastructure) to identify vulnerabilities such as injection flaws, data exposure, or access control issues.
Implement and manage security measures like encryption (for data at rest and in transit), secure authentication/authorization (OAuth, JWT, multi-factor auth), and robust access control policies.
Set up and maintain tools for vulnerability scanning and penetration testing; coordinate periodic third-party security assessments and ensure any findings are remediated promptly.
Monitor security logs and alerts for any signs of breaches or suspicious activity; respond to security incidents with thorough investigation and patching of the root cause.
Ensure compliance with security-related regulations and standards (e.g., GDPR for data privacy, PCI DSS if handling payments, SOC 2 for service processes) by implementing necessary controls and documenting practices.
Educate and train the engineering team on secure coding and operational practices (run security workshops, share updates on new vulnerabilities or attack vectors relevant to our tech stack).
Stay up to date with the latest threats, vulnerabilities, and mitigation techniques; proactively implement updates or changes to keep our platform secure against emerging risks.

Requirements

5+ years of experience in cybersecurity or application security roles, preferably with exposure to securing cloud-based web applications.
In-depth knowledge of common web and API vulnerabilities (OWASP Top 10, etc.) and experience applying remediations.
Familiarity with cryptographic principles and experience implementing encryption, key management, and secure protocols.
Hands-on experience with security tools (static analysis, dynamic analysis, intrusion detection systems, etc.).
Understanding of network security fundamentals and cloud security best practices.
Experience ensuring compliance with frameworks or standards like ISO 27001, SOC 2, PCI, or others relevant to a SaaS business.
Strong analytical mindset and attention to detail, with excellent problem-solving skills in high-pressure situations (like responding to an incident).
A collaborative approach – able to work with developers, DevOps, and compliance to integrate security into every aspect of our operations.

Submit your application

Provide a few details and our hiring team will reach out with next steps.
