Sr./Staff Security Engineer

Shape the future of trust in the age of AI

At Oscilar, we're building the most advanced AI Risk Decisioning™ Platform. Banks, fintechs, and digitally native organizations rely on us to manage their fraud, credit, and compliance risk with the power of AI. If you're passionate about solving complex problems and making the internet safer for everyone, this is your place.

Why join us:

• Mission-driven teams: Work alongside industry veterans from Meta, Uber, Citi, and Confluent, all united by a shared goal to make the digital world safer.

• Ownership and impact: We believe in extreme ownership. You'll be empowered to take responsibility, move fast, and make decisions that drive our mission forward.

• Innovate at the cutting edge: Your work will shape how modern finance detects fraud and manages risk.

Job Description

This is our first dedicated security engineering hire. Your center of gravity is product security — you'll initially span product, infrastructure, and LLM/agent security as we scale the function.

What You'll Do

• Own threat modeling across our core platform APIs, risk decisioning and event-ingestion systems, and agentic AI products; harden multi-tenant isolation and data-handling across designs and PRs.

• Design, implement, and deploy authentication, authorization (user and API), and RBAC across our platform: own and propose new approaches as we scale

• Stand up our AppSec program from the ground up: SAST (Semgrep), SCA (Dependabot/Snyk), secret scanning, IaC scanning, and container scanning on Pulumi + EKS

• Build guardrails around LLM usage — prompt-injection defenses, output validation, and cost and abuse monitoring on Bedrock/Anthropic/OpenAI calls

• Drive security incident process, vulnerability triage, and the responsible-disclosure workflow

• Write SECURITY.md, maintain a threat registry, and champion secure-by-default patterns across the engineering org

• Partner with IT on shared areas — incident response across corporate and product, access reviews, and audit evidence collection

• Collaborate with product and engineering teams on feature design, embedding security early rather than gating at the end

• Keep us aligned with current security standards and trends (OWASP, MITRE ATT&CK, and emerging LLM/agent security guidance)

You Might Be a Fit If You Have

• Strong software engineering fundamentals — 5+ years building software, with the last 3+ focused on application or product security, ideally at a fintech or data-heavy SaaS company

• Strong hands-on Java and/or Python code review skills — you're comfortable in a PR, not just in a report

• Experience with SSO, SAML, OAuth 2.0, JWT, mTLS, and JOSE; multi-tenant authZ; PII handling/tokenization

• Working knowledge of AWS security primitives (IAM, KMS, Secrets Manager, VPC) and Kubernetes

Nice to Have

• Experience providing technical evidence and controls for SOC 2 / PCI / ISO 27001 audits

• Prior experience building or tuning SAST rules (Semgrep, CodeQL)

• OSCP, CISSP, or a meaningful bug-bounty track record

Benefits

• Compensation: Candidates are hired as CLT and are offered competitive salary

• Stock Options: Candidates will receive stock options

• Benefits: 100% of your Medical/Dental (Care Plus) for you and your dependents; 100% Life / LTD (Prudential)

• Caju Card: We offer a Caju Card for monthly meal allowance

• Flexibility: Remote first culture.

• Culture: Family-Friendly environment; Regular team events and offsites.

• Development: Unparalleled learning and professional development opportunities.

• Impact: Making the internet safer by protecting online transactions.