Security Engineer

Sunbit builds financial technology for real life. Our technology eases the stress of paying for life’s expenses by giving people more options on how and when they pay. Founded in 2016, Sunbit offers a next-generation, no-fee credit card that can be managed through a powerful mobile app, as well as a point-of-sale payment option available at more than 21,000 service locations, including auto dealership service centers, optical practices, dental offices, veterinary clinics, and specialty healthcare services. Sunbit was included on the 2022 Inc. 5000 list. The financial technology company has also been named Sunbit as a Most Loved Workplace®, Best Point of Sale Company, and a Top Fintech Startup by CB Insights.

We use cutting-edge innovations in financial technology to bring leading data and features that allow individuals to be qualified instantly, making purchases at the point-of-sale fast, fair, and easy for consumers from all walks of life. We create value focused on our core values; we work tirelessly to ensure that Sunbit becomes available to everyone, everywhere.

We invite you to #UnleashyourCuriosity and join our ever-growing R&D organization.

Feel free to reach out with any questions!

About the Role

We are looking for a Security Engineer to join our Security Engineering team. This is a generalist, "all-rounder" role — you will work across all security domains, while leading and owning a specific security domain based on your expertise.

You will define and drive security programs, design and implement security controls, and make architecture-level decisions across your domain. You will work closely with R&D, DevOps, and engineering teams, embedding security into how we build and operate at scale, and help shape a security-first culture across the organization.

What You'll Work On

Define and maintain security standards, policies, and controls across all security domains — including SSDLC processes and secure development standards across R&D
Work hands-on alongside R&D, engineering, and IT teams to implement security controls, drive adoption, and ensure execution
Lead and contribute to large-scale security projects with real organizational impact
Evaluate, integrate, and operate industry-leading security tooling and platforms — including emerging startups with cutting-edge technologies
Build automation, tools, internal processes, Terraform modules, GitHub Actions, and AI agents for engineering teams and for your own team
Conduct security assessments and threat modeling.
Lead containment, investigation, and forensic analysis during security incidents
Identify security gaps and misconfigurations across cloud environments, infrastructure, and internal processes — and drive remediation through scalable, long-term solutions
Contribute across all security domains — cloud, application, AI security, detection engineering, IT, and more

Requirements:

5+ years in security engineering with strong hands-on expertise across both application and cloud/infrastructure security
Hands-on experience with SAST, DAST, SCA, WAF, threat modeling, secure code review, and API security
Experience defining and driving secure development lifecycle programs (SSDLC), including embedding security gates into CI/CD pipelines and GitOps workflows
Experience securing cloud-native environments (AWS preferred, GCP/Azure a plus), including containers, Kubernetes workloads, and microservices
Hands-on experience with Terraform, CSPM/CNAPP tooling, and misconfiguration remediation
Solid understanding of networking fundamentals (TCP/IP, DNS, TLS, network segmentation) with practical experience implementing zero trust architectures and ZTNA
Experience with Okta, Google Workspace, SSO/SAML/OIDC, and least-privilege access models
Familiarity with industry-leading security platforms and tooling across MDM, EDR, SIEM, CSPM/CNAPP, ASPM, WAF, DAST/SAST, ZTNA, and identity security platforms
Proficiency in scripting and automation — Python, JavaScript, Bash, or similar
Broad generalist mindset with the ability to operate across multiple security domains and connect the dots between them

Recruitment Fraud Disclaimer

We’ve been made aware of fraudsters impersonating Sunbit employees during the hiring process. Please note that all official communication will come from an @sunbit.com email address, through our applicant tracking platform @sunbit.comeet-notifications.com or directly via LinkedIn. We will never ask for your age, Social Security number, bank account details, payment of any kind, or other unrelated personal information during the application process. Our hiring process always includes interviews, either by phone, zoom, or in person, before any offer is made. If something feels suspicious, please contact us at HR to confirm. We ask that you contact HR only about potential instances of fraud. HR does not reach our recruiting team directly. Your application directly through the posting is the best way to ensure that your candidacy is reviewed by our team. Due to the volume of applications, we will not respond to nor forward emails about your candidacy that are sent to HR directly, and your email about your application will be deleted from our systems.