Senior Security Engineer

What You'll Do:

• Design and implement security controls and tools within CI/CD pipelines to protect against threats and vulnerabilities.
• Conduct security assessments, code reviews, and penetration testing on applications and infrastructure deployed through CI/CD workflows.
• Integrate security tools (e.g., SAST, DAST, dependency scanning) into CI/CD systems such as Jenkins, GitLab CI/CD, GitHub Actions, or CircleCI.
• Collaborate with DevOps teams to automate security checks and ensure secure configuration of build and deployment environments.
• Monitor and respond to security incidents related to CI/CD processes, including artifact integrity and pipeline tampering.
• Develop and maintain documentation for secure CI/CD practices, policies, and procedures.
• Stay up-to-date with emerging threats, vulnerabilities, and security technologies relevant to CI/CD and cloud-native environments.
• Educate and train development teams on secure coding practices and CI/CD security principles.
• Ensure compliance with regulatory standards (e.g., SOC 2, ISO27001) in the software delivery lifecycle.

What You Have:

• 3+ years of experience in security engineering, DevSecOps, or a related role.
• Hands-on experience securing CI/CD pipelines using tools like Jenkins, GitLab CI/CD, GitHub Actions, or similar platforms.
• Proficiency with security tools such as Sonarcloud Github Security
• Strong understanding of software development lifecycle (SDLC) and DevOps practices.
• Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes) and their security implications.
• Knowledge of cloud platforms (e.g., AWS) and their security configurations.
• Experience with scripting languages (e.g., Python, Bash) for automation and tool integration.
• Excellent problem-solving skills and attention to detail.

Extras you bring

• Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.
• Familiarity with secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager).
• Understanding of zero-trust security models and their application in CI/CD.
• Strong communication skills to collaborate across technical and non-technical teams.
• Ability to prioritize and manage multiple tasks in a fast-paced environment.
• Proactive mindset with a focus on identifying and mitigating risks early in the development process.

Why Join Polly?

• We are attacking a trillion-dollar market with gross inefficiencies and seeking to transform the way an entire industry operates 
• You will have an impact on the design, architecture and implementation of markets that are often called the engine of US economy
• We value drive for excellence, independent thinking, teamwork and curiosity
• You will work with both government backed and industry leading companies to create a digital pipeline that facilitates real time trading of loans
• We have an experienced leadership team that previously built large and impactful platforms 
• Outstanding opportunity for professional growth and upward mobility 
• Direct engagement with the decision makers and senior business leaders 
• Competitive salaries
• 100% paid medical/vision/dental/disability/life insurance 
• Unlimited PTO
• Hybrid environment; 3x weekly in an innovation hub in San Francisco or Dallas