T&S / Security Engineer at Summer (unpublished)

Senior DevSecOps Engineer

Location: Remote - U.S.

Who We Are

Summer is a Certified B Corp® with a mission to maximize savings for the 46 million Americans burdened by student debt. Summer combines policy expertise with innovative tech to help borrowers simplify college cost planning and student loan repayment, generating $278/month in savings per person and $1.8B in savings for our users to date. Watch our product overview and hear from our members on how Summer has put them on the path to becoming debt free.

Summer has raised $30 million to date from world-class investors, including QED Investors, General Catalyst, Greycroft, Rebalance Capital, SemperVirens, Foundation Capital, Story Ventures, NextView, Flourish Ventures, and the Financial Health Network. We've partnered with dozens of clients who pay for Summer to assist their employees and customers, including the city government of Alexandria, Virginia, the American Federation of Teachers, the American Diabetes Association, Asurion, the City of New York, ADP and more.

Your Role

We are seeking an experienced Senior DevSecOps Engineer to join our team as a trusted advisor and direct contributor focused on security design and review across our SaaS platform and company infrastructure. This role combines hands-on security engineering with strategic security process design and proactive recommendations to support our compliance and risk management objectives.

Join us as we build innovative solutions that help millions of student loan borrowers achieve billions of dollars in savings.

Responsibilities

Security Engineering & Operations

- Vulnerability Management: Conduct regular vulnerability assessments, penetration testing, and security audits to identify and remediate security gaps across our cloud infrastructure and applications.
- Security Monitoring: Monitor systems for security threats, suspicious behavior, and anomalies using SIEM tools and security monitoring and vulnerability platforms like CrowdStrike and Nessus.
- Incident Response: Lead security incident response efforts, investigate suspicious reports, and implement preventative measures that may be warranted.
- Code Security Reviews: Review and approve code (Node, React, Python) that accesses data, authentication, or integrations, ensuring secure development practices are followed.
- Cross-functional Collaboration: Work closely with engineering and operations teams, including executive stakeholders and occasionally third-party service providers, to integrate security best practices into development and deployment processes.

Infrastructure & Cloud Security

- Architecture Review: Evaluate and provide security recommendations for system architecture changes (e.g. network segmentation, microservices, virtual environments, data warehousing, etc.) and new feature implementations, including the evaluation of AI enablement opportunities.
- Cloud Security: Secure cloud deployments (AWS/Heroku/Netlify), including configuration of firewalls, IAM policies, VPCs, databases/data warehouses (PostgreSQL, Snowflake), API security, container security, and network monitoring.
- Access Controls: Manage and maintain access controls across server environments, implementing the principle of least privilege.
- Data Classification: Advise and audit the proper handling of data in accordance with privacy and security requirements and data classification policies.
- Integration Security: Review and assess security implications of all third-party integrations and vendor relationships.
- Dependency Management: Stay current on vulnerabilities and versions of all system dependencies, coordinating updates as needed.

Compliance & Risk Management

- Security Strategy: Provide recommendations and technical input for security strategy and policy development, including the implications of emerging technologies like artificial intelligence.
- SOC 2 Support: Provide technical attestation and evidence for SOC 2 Type II audits and other security compliance frameworks.
- Policy Implementation: Implement and maintain security policies across the organization, including endpoint security for laptops and mobile devices.
- Risk Assessment: Evaluate third-party providers and vendors for security risks and compliance requirements.
- Security Awareness: Educate team members on security best practices and emerging threats, both within engineering and across the organization.

Qualifications

- Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related technical field.
- 5+ years of hands-on experience in security engineering or related roles.
- Expertise in secure software development, architecture design, threat modeling, CI/CD pipelines, and risk assessment.
- Deep knowledge of network, system, database, and application layer attack patterns and mitigation methods.
- Ability to clearly communicate complex concepts appropriately to multiple audience types.
- Coding skills necessary to discover and patch issues (Node, TypeScript/React, Python).
- Solid understanding and experience with AWS, Heroku, Netlify, and Snowflake, including policy, configurations, and security management tooling.
- Proven track record with SOC 2, PCI DSS, or similar compliance frameworks and reporting.
- Experience working in startup or high-growth environments, fintech, and/or highly-regulated industries preferred.
- Cloud security certifications with evidence of continued education in the area of security are a plus.

Title and salary vary based on skills assessment and relevant experience.

Values

We're proud to be a mission-driven company with an inclusive culture. Our greatest asset is the set of values our team strives to embody every day: empathy, diversity, growth, determination, humility, and fun. Learn more about culture at Summer.

We also offer competitive salaries, significant equity allocations, healthcare coverage, 401(k) plans with an employer match, contribution toward student loan repayment, and flexible vacation/PTO. Summer supports a hybrid, flexible work environment and we welcome applicants from anywhere in the United States.

Sound interesting? We look forward to hearing from you. Join us to help fix the system!

-----

Summer provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.