Jump

Visit website

Lead Security Engineer 

  • Security
  • Full-time
  • Draper, UT
  • Remote friendly
  • 170K - 230K USD a year

Posted on June 20, 2025

Hey there! We are Jump, AI for Financial Advisors. We are growing super fast, have a culture of kindness and ownership, and we’re looking for someone who is absolutely obsessed with security take ownership of it here at Jump.

What you’ll do

  • Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.

  • Analyze, fix, and test vulnerabilities.

  • Do code reviews, audit and analyze source code for vulnerabilities.

  • Monitor the security industry for new developments.

  • Evaluate, recommend, and implement security tools and technologies to improve our application security posture.

  • Conduct threat modeling exercises for new and existing applications and systems.

  • Ensure systems and processes adhere to relevant security standards, regulations (e.g., ISO 27001, SOC 2, GDPR, HIPAA), and internal policies.

  • Implement and manage security controls for cloud environments (e.g., AWS, GCP), including identity and access management (IAM), network security, and data protection.

  • Maintain comprehensive documentation for security processes, tools, and configurations.

What success looks like after 12 months

  • SOC 2 Type II report continues to be delivered with zero high‑risk exceptions.

  • Mean‑time‑to‑detect (MTTD) < 15 min and mean‑time‑to‑resolve (MTTR) < 2 hrs for priority‑1 security events.

  • ≥ 90 % of employees complete annual security training and phishing tests.

  • Security is a documented, automated part of CI/CD (build fails on critical vulns).

  • Our largest enterprise customers cite security as a strength in renewals.

You might be a fit if you

  • Have 5+ years hands‑on security engineering in cloud‑native (AWS/GCP/Azure) product environments.

  • Can demonstrate end‑to‑end ownership of at least one compliance framework (SOC 2, ISO 27001, HIPAA, PCI DSS, etc.).

  • Are fluent in modern DevSecOps tooling (Terraform, Kubernetes, GitHub Actions, OIDC/OAuth).

  • Write code well enough to build internal tooling or fix a critical bug (we use Elixir & Terraform).

  • Communicate complex risks in plain language to engineers, execs, and customers.

  • Are comfortable being a “team of one” at first and progressively hiring/mentoring teammates.

Nice‑to‑haves: experience with multi‑tenant data isolation, SAML/SCIM integrations, or selling to regulated industries (FinTech, HealthTech, GovTech).

Compensation & benefits

Base salary: $170 k – $230 k

Benefits: Health/dental/vision, 401k (no match yet)

Time‑off: Flexible PTO with manager approval

Gear: Top‑spec laptop, stipend for home office/security hardware

Hiring process (2–3 weeks total)

  1. Homework assignment — Takes about 1hr

  2. Intro call (30 min) — with CTO.

  3. Paid Trial week — Come work with us for a week and see how you like it

  4. Team member intros & Reference checks

  5. Offer

Remote restrictions

  • Workday must overlap by at least 3 hours with Denver, CO, USA