Sezzle - Senior Security Infrastructure Engineer

• Experience contributing to threat modeling and security design reviews for modern systems • Strong hands-on experience in vulnerability management, including scanning, triage, validation, remediation coordination, and verification • Experience working with SIEM platforms (e.g., Wazuh, Splunk, ELK) for detection engineering, monitoring, and incident response • Practical experience triaging findings from vulnerability scanners and bug bounty programs • Strong knowledge of AWS, Linux, and Kubernetes infrastructure, including security architecture, hardening, and operational best practices • Experience improving infrastructure security, including CI/CD hardening and mitigating software supply chain risks • Experience with container and dependency security tools (e.g., Snyk, Trivy, Grype, etc.) • Ability to investigate issues directly using logs, cloud tooling, and system-level data • Knowledge of common security vulnerabilities and mitigation strategies (OWASP, SANS, etc.) • Working knowledge of compliance frameworks such as PCI DSS and SOC 2 • Experience designing and tuning detection rules, reducing alert noise, and improving investigation workflows • Strong understanding of cloud-native security controls, including IAM, network segmentation, and container security • Familiarity with log-based detection, telemetry pipelines, and security analytics use cases • Experience designing secure CI/CD workflows that reduce exposure to vulnerable dependencies and untrusted artifacts • Ability to assess application and infrastructure risk and translate findings into actionable improvements • Experience aligning technical security work with regulatory and compliance expectations • Experience using automation and AI to reduce manual effort and improve consistency at scale • You think proactively about security and work to address risk early through clear design feedback and practical engineering solutions • You bring strong cloud and infrastructure judgment, especially in AWS and Kubernetes environments • You raise the bar on hardening and operational discipline, especially in CI/CD and supply chain security practices • You approach security monitoring with an investigator’s mindset and can turn telemetry into meaningful detection and response outcomes • You are excited to use automation and emerging technologies (including AI) to automate repetitive security work and improve team effectiveness • You balance strong security standards with business needs and can support privacy and compliance requirements in a practical, scalable way • You have relentlessly high standards - many people may think your standards are unreasonably high. You are continually raising the bar and driving those around you to deliver great results. You make sure that defects do not get sent down the line and that problems are fixed so they stay fixed. • You’re not bound by convention - your success—and much of the fun—lies in developing new ways to do things • You’re not bound by convention • You need action - speed matters in business. Many decisions and actions are reversible and do not need extensive study. We value calculated risk-taking. • You need action • You earn trust - you listen attentively, speak candidly, and treat others respectfully. • You earn trust • You have backbone; disagree, then commit - you can respectfully challenge decisions when you disagree, even when doing so is uncomfortable or exhausting. You have conviction and are tenacious. You do not compromise for the sake of social cohesion. Once a decision is determined, you commit wholly. • You have backbone; disagree, then commit • You deliver results - you focus on the key inputs and deliver them with the right quality and in a timely fashion. Despite setbacks, you rise to the occasion and never settle. • You deliver results • Sezzle’s Technology Stack: • Languages: Golang, Typescript, Python • Languages: • Frontend: Typescript - React and React Native • Frontend: • Backend: Golang • Backend: • Database: MySQL, Postgres, Elasticsearch • Database: • DevOps & Cloud: AWS, Kubernetes • DevOps & Cloud: • Version Control: Git • Version Control: • CI/CD: • Testing: Developer and AI-driven, focus on automated end-to-end, integration, and unit tests • Testing: • Open Source: Sezzle is focused on using open source, and we build what we can before buying! • Open Source: • What Makes Working at Sezzle Awesome? • At Sezzle, we are more than just brilliant engineers, passionate data enthusiasts, out-of-the-box thinkers, and determined innovators; we are skilled musicians, yogis, cyclists, chefs, golfers, dog-lovers, and rock-climbers. We believe in surrounding ourselves with not only the best and the brightest individuals, but those that are unique and purpose-driven in all that they do. Our culture is not defined by a certain set of perks designed to give the illusion of the traditional startup culture, but rather, it is the visible example living in every employee that we hire. • #Li-remote #full-time