Job description

Glocomms is partnered with a small, high-growth FinTech firm in New York City to hire a Principal Product Security Engineer. This firm is building secure, scalable infrastructure for Bitcoin investing and digital asset management and currently holds a multi-billion-dollar valuation. The Principal Product Security Engineer will be a hands-on technical leader responsible for building and integrating security directly into the firm's core infrastructure and product stack. Note: This is not a governance or oversight role-it's an engineering-first position for someone who thrives in code, understands systems deeply, and can design secure solutions that scale across cloud-native environments. Primary Responsibilities • Write production-grade code to build security tooling, automate testing, and integrate controls into CI/CD pipelines. • Conduct deep, hands-on code reviews across the product stack to identify security vulnerabilities, enforce secure design patterns, and guide engineering teams toward best practices. • Architect and implement cloud security solutions, including hardened configurations, IAM policies, and network controls. • Lead threat modeling and risk assessments for new features, infrastructure changes, and deployments. • Develop and maintain automated security testing frameworks and integrate them into developer workflows. • Collaborate with engineering teams to embed DevSecOps practices and shift security left in the development lifecycle. • Own vulnerability management processes, including scanning, triage, and remediation strategies. Key Qualifications • 8+ years of experience in product or application security, with a strong background in software engineering. • Proficiency in at least two of the following languages: Python, Java, Golang. • Deep understanding of cloud security architecture (AWS, GCP, or Azure), including infrastructure-as-code and secure deployments. • Experience building and integrating security tools into CI/CD pipelines (e.g., GitHub Actions, Jenkins, CircleCI). • Strong knowledge of application security principles, threat modeling, and secure design patterns. • Hands-on experience with vulnerability scanning tools, SAST/DAST, and automated testing frameworks. • Ability to assess risk and implement scalable mitigation strategies with measurable impact. Additional Information • Location: Fully onsite in New York City - candidates must be able to work onsite 5 days per week. • Compensation: Competitive base salary up to $300,000-$350,000/year, plus equity. • This is a high-impact, high-autonomy role with direct access to engineering leadership and the opportunity to shape the security posture of a fast-moving FinTech platform.

Requirements