Security Engineer

**About Coinflow** Coinflow is the next-generation payment service provider revolutionizing global financial infrastructure with stablecoins, AI-driven fraud prevention, and instant settlement. Coinflow enables businesses to grow faster with instant settlement, fraud & chargeback indemnity, global pay-ins, multi-currency FX, and unified payouts. Founded in 2023, the company serves marketplaces, fintechs, remittance providers, gaming platforms, and ecommerce merchants worldwide. Since our seed round in 2024, we’ve achieved 23x revenue growth and scaled to multi-billion-dollar annual transaction volume. In response to this growth, Coinflow announced a [$25M Series A](https://coinflow.cash/blog/coinflows-series-a) in October 2025—led by Pantera Capital, CMT Digital, Coinbase Ventures, Jump Crypto, and Reciprocal Ventures—accelerating our mission to power the world’s fastest-moving businesses with innovative, reliable global payments. Coinflow is proudly headquartered in Chicago, IL.

## What You'll Own - **SIEM & SecOps Dashboard**: Stand up and operate our SIEM. Build out the SecOps dashboard that gives engineering, compliance, and leadership a real-time picture of our security posture — alerts, anomalies, auth events, infrastructure changes, and audit-ready evidence in one place. - **Internal Penetration Testing**: Run continuous internal pentests against Coinflow services, APIs, infrastructure, and embedded SDKs. Use Claude Security and Claude Code to scale your coverage — automate reconnaissance, fuzzing, code review, and exploit development. Document findings, drive remediation, and measure mean-time-to-fix. - **Vulnerability & Dependency Management**: Own the vulnerability lifecycle end-to-end. Triage CVEs across our npm, cargo, and other ecosystems. Build the automation that keeps packages patched without breaking production — including Dependabot tuning, lockfile hygiene, and gated auto-merge for low-risk upgrades. - **Secure Development Lifecycle**: Monitor and improve how we ship code. Define secure-by-default patterns for new services, review threat models for high-risk changes, integrate SAST/DAST/secret scanning into CI, and make the secure path the fast path for engineers. - **Compliance Partnership**: Work alongside our compliance function to produce the evidence, controls, and monitoring artifacts that PCI DSS, SOC 2, ISO 27001, and DORA auditors need — without turning engineering into a paperwork shop.

## What We're Looking For - 4+ years in a security engineering, product security, or DevSecOps role, ideally at a fintech, payments company, or other regulated environment. - Strong hands-on offensive skills — you've broken real systems, not just run scanners. Comfortable with web app, API, cloud, and infrastructure pentesting. - Production experience operating a SIEM (Datadog, Splunk, Elastic, Panther, or similar) and building dashboards that engineers actually use. - Fluency in TypeScript/Node and at least passing comfort with Rust, Go, or Python — enough to read our code, find bugs in it, and write the tooling to find more. - Experience with vulnerability management at scale: CVE triage, SCA tooling, dependency upgrade automation. - Comfort working with AI-native tooling (Claude Code, Claude Security, or similar) as a daily driver — or genuine excitement to start. - A bias toward shipping. We'd rather have a working v1 of a control today than a perfect v3 next quarter.

## What We Offer - The base salary range for this role is $145,000 to $195,000 USD. The actual base salary offered depends on a variety of factors, including but not limited to experience, education, skills, qualifications and business needs. - Eligible for an equity grant, allowing you to share in the long-term success of the company. - Access to a wide array of benefits, including health and wellness benefits, 401(k) savings plan, and flexible time off.

Coinflow provides instant, secure payment infrastructure for businesses, enabling global pay-ins, payouts, and FX orchestration with support for crypto token payments settling in USDC. It targets fast-moving sectors like gaming, Web3, and marketplaces, offering fraud protection, chargeback indemnification, and instant settlements across 170+ countries. The platform empowers merchants to accept payments securely without friction.