Lead Security Engineer
- Security
- Full-time
- Draper, UT
- Remote friendly
- 170K - 230K USD a year
Posted on June 20, 2025
Hey there! We are Jump, AI for Financial Advisors. We are growing super fast, have a culture of kindness and ownership, and we’re looking for someone who is absolutely obsessed with security take ownership of it here at Jump.
About you
You love security. It’s what you are all about and you are very very good at it.
You are very motivated and proactive and can get a lot done every day.
You love coding and are excited to learn Elixir. You really want to find and fix security vulnerabilities in an Elixir/Phoenix codebase.
You are very pleasant to work with and people feel better about themselves after interacting with you.
What you’ll do
Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.
Analyze, fix, and test vulnerabilities.
Do code reviews, audit and analyze source code for vulnerabilities.
Monitor the security industry for new developments.
Evaluate, recommend, and implement security tools and technologies to improve our application security posture.
Conduct threat modeling exercises for new and existing applications and systems.
Ensure systems and processes adhere to relevant security standards, regulations (e.g., ISO 27001, SOC 2, GDPR, HIPAA), and internal policies.
Implement and manage security controls for cloud environments (e.g., AWS, GCP), including identity and access management (IAM), network security, and data protection.
Maintain comprehensive documentation for security processes, tools, and configurations.
What success looks like after 12 months
SOC 2 Type II report continues to be delivered with zero high‑risk exceptions.
Mean‑time‑to‑detect (MTTD) < 15 min and mean‑time‑to‑resolve (MTTR) < 2 hrs for priority‑1 security events.
≥ 90 % of employees complete annual security training and phishing tests.
Security is a documented, automated part of CI/CD (build fails on critical vulns).
Our largest enterprise customers cite security as a strength in renewals.
You might be a fit if you
Have 5+ years hands‑on security engineering in cloud‑native (AWS/GCP/Azure) product environments.
Can demonstrate end‑to‑end ownership of at least one compliance framework (SOC 2, ISO 27001, HIPAA, PCI DSS, etc.).
Are fluent in modern DevSecOps tooling (Terraform, Kubernetes, GitHub Actions, OIDC/OAuth).
Write code well enough to build internal tooling or fix a critical bug (we use Elixir & Terraform).
Communicate complex risks in plain language to engineers, execs, and customers.
Are comfortable being a “team of one” at first and progressively hiring/mentoring teammates.
Nice‑to‑haves: experience with multi‑tenant data isolation, SAML/SCIM integrations, or selling to regulated industries (FinTech, HealthTech, GovTech).
Compensation & benefits
Base salary: $170 k – $230 k
Benefits: Health/dental/vision, 401k (no match yet)
Time‑off: Flexible PTO with manager approval
Gear: Top‑spec laptop, stipend for home office/security hardware
Hiring process (2–3 weeks total)
Homework assignment — Takes about 1hr
Intro call (30 min) — with CTO.
Paid Trial week — Come work with us for a week and see how you like it
Team member intros & Reference checks
Offer
Other info:
We buy the subscriptions you need (Cursor.ai, ChatGPT, etc)
We’re a small and efficient dev team
We’re growing gangbusters. All revenue-backed, super low churn.
Raised a $20M Series-A a few months ago
HQ based in SLC, Utah
Remote friendly, must be based in the USA
Remote restrictions
- Workday must overlap by at least 3 hours with Denver, CO, USA