Security Engineer

Sunbit builds financial technology for real life. Our technology eases the stress of paying for life’s expenses by giving people more options on how and when they pay. Founded in 2016, Sunbit offers a next-generation, no-fee credit card that can be managed through a powerful mobile app, as well as a point-of-sale payment option available at more than 21,000 service locations, including auto dealership service centers, optical practices, dental offices, veterinary clinics, and specialty healthcare services. Sunbit was included on the 2022 Inc. 5000 list. The financial technology company has also been named Sunbit as a Most Loved Workplace®, Best Point of Sale Company, and a Top Fintech Startup by CB Insights.

We use cutting-edge innovations in financial technology to bring leading data and features that allow individuals to be qualified instantly, making purchases at the point-of-sale fast, fair, and easy for consumers from all walks of life. We create value focused on our core values; we work tirelessly to ensure that Sunbit becomes available to everyone, everywhere.

We invite you to #UnleashyourCuriosity and join our ever-growing R&D organization.

Feel free to reach out with any questions!

About the Role

We are looking for a Security Engineer to join our Security Engineering team. This is a generalist, "all-rounder" role — you will work across all security domains, while leading and owning a specific security domain based on your expertise.

You will define and drive security programs, design and implement security controls, and make architecture-level decisions across your domain. You will work closely with R&D, DevOps, and engineering teams, embedding security into how we build and operate at scale, and help shape a security-first culture across the organization.

What You'll Work On

• Define and maintain security standards, policies, and controls across all security domains — including SSDLC processes and secure development standards across R&D
• Work hands-on alongside R&D, engineering, and IT teams to implement security controls, drive adoption, and ensure execution
• Lead and contribute to large-scale security projects with real organizational impact
• Evaluate, integrate, and operate industry-leading security tooling and platforms — including emerging startups with cutting-edge technologies
• Build automation, tools, internal processes, Terraform modules, GitHub Actions, and AI agents for engineering teams and for your own team
• Conduct security assessments and threat modeling.
• Lead containment, investigation, and forensic analysis during security incidents
• Identify security gaps and misconfigurations across cloud environments, infrastructure, and internal processes — and drive remediation through scalable, long-term solutions
• Contribute across all security domains — cloud, application, AI security, detection engineering, IT, and more

Requirements:

• 5+ years in security engineering with strong hands-on expertise across both application and cloud/infrastructure security
• Hands-on experience with SAST, DAST, SCA, WAF, threat modeling, secure code review, and API security
• Experience defining and driving secure development lifecycle programs (SSDLC), including embedding security gates into CI/CD pipelines and GitOps workflows
• Experience securing cloud-native environments (AWS preferred, GCP/Azure a plus), including containers, Kubernetes workloads, and microservices
• Hands-on experience with Terraform, CSPM/CNAPP tooling, and misconfiguration remediation
• Solid understanding of networking fundamentals (TCP/IP, DNS, TLS, network segmentation) with practical experience implementing zero trust architectures and ZTNA
• Experience with Okta, Google Workspace, SSO/SAML/OIDC, and least-privilege access models
• Familiarity with industry-leading security platforms and tooling across MDM, EDR, SIEM, CSPM/CNAPP, ASPM, WAF, DAST/SAST, ZTNA, and identity security platforms
• Proficiency in scripting and automation — Python, JavaScript, Bash, or similar
• Broad generalist mindset with the ability to operate across multiple security domains and connect the dots between them

Recruitment Fraud Disclaimer

We’ve been made aware of fraudsters impersonating Sunbit employees during the hiring process. Please note that all official communication will come from an @sunbit.com email address, through our applicant tracking platform @sunbit.comeet-notifications.com or directly via LinkedIn. We will never ask for your age, Social Security number, bank account details, payment of any kind, or other unrelated personal information during the application process. Our hiring process always includes interviews, either by phone, zoom, or in person, before any offer is made. If something feels suspicious, please contact us at HR to confirm. We ask that you contact HR only about potential instances of fraud. HR does not reach our recruiting team directly. Your application directly through the posting is the best way to ensure that your candidacy is reviewed by our team. Due to the volume of applications, we will not respond to nor forward emails about your candidacy that are sent to HR directly, and your email about your application will be deleted from our systems.