Senior Cybersecurity Engineer

About Us:

Spreedly is the world's leading Open Payments Platform, sitting at the center of a network processing more than $50b of GMV annually. Spreedly's Payments Orchestration platform enables and optimizes digital transactions with the world’s most complete payment services marketplace. Built on Spreedly’s PCI-compliant architecture, our Advanced Vault solution combines a modern feature-set with rule-based configurations to optimize the vaulting experience for all stored payment methods. Global enterprises and hyper-growth companies grow their digital business faster by relying on our payments platform. Hundreds of customers worldwide secure card data in our PCI-compliant vault and use tokenized card data to enable and optimize over $45 billion of annual transaction volumes with any payment service.

Our vision is that the world is better with a diversified, inclusive payment ecosystem. Our mission is to accelerate commerce with an open, secure, and flexible payment platform that welcomes all payment participants. Our employees help us execute our vision by building a culture focused on autonomy, transparency, and collaboration in a dynamic, high-growth organization.

Product Offering: 

Spreedly provides an open payments platform. The platform’s connectivity provides payments performance. Key products and services include:

Payment Gateway Integration: Connects merchants, platforms, and marketplaces to multiple payment gateways and payment services.

Tokenization: Securely stores and manages payment data with a universal tokenization service.

Transaction Routing: Enables intelligent routing of transactions to optimize success rates and costs.

Payment Vault: A secure storage solution for sensitive payment information.

Fraud Tools Integration: Integrates with various fraud prevention tools to enhance transaction security.

About the Role:

As a Senior Cybersecurity Engineer at Spreedly, you will be a crucial member of Spreedly's Information Security Team within the Engineering department. Reporting directly to the Chief Information Security Officer, your role involves actively contributing to the ever-expanding body of work that is Information Security at Spreedly: fortify our systems, networks, and data against evolving cyber threats.

This senior position provides a unique opportunity for a seasoned professional to bring expertise in security operations. You will run various security efforts ensuring the confidentiality, integrity, and availability of Spreedly’s data, specifically focused on securing our applications, content delivery network (CDN), and managing vulnerabilities across our technology stack. Your role is integral to supporting the overall security posture of our organization as we continue to innovate and grow.

• Perform comprehensive security assessments of applications, including static and dynamic code analysis, threat modeling, and penetration testing
• Coordinate Spreedly’s penetration testing program working with internal and external stakeholders
• Collaborate with development teams to integrate security into the software development lifecycle (SDLC) and advocate for secure coding practices
• Implement and manage application security tools, such as WAF, SAST, DAST, and RASP solutions
• Develop and maintain secure design and coding standards
• Design and implement security measures for CDNs to protect against DDoS attacks, data breaches, and other threats
• Monitor CDN configurations to ensure optimal performance and robust security
• Work closely with infrastructure, IT Security, and DevOps teams to monitor and respond to security incidents
• Manage vulnerability scans and the remediation lifecycle, prioritizing vulnerabilities based on risk
• Work across multiple teams to ensure timely patching and mitigation of security gaps
• Develop and maintain metrics and reporting to track the effectiveness of vulnerability management programs
• Conduct security monitoring activities, learning to evaluate system and network behaviors to detect and respond to potential security threats
• Act as the subject matter expert for incident response efforts for application and CDN-related security incidents, including root cause analysis and remediation
• Mentor team members and provide expertise to other teams within the organization
• Collaborate with compliance teams to ensure adherence to regulatory and industry standards such as PCI-DSS, SOC 2, ISO 27001, and others
• Stay updated on the latest security trends, threat intelligence, vulnerabilities, and attack vectors relevant to the organization’s technology

• 5+ years of experience in cybersecurity, with a focus on application security, CDN security, and vulnerability management
• Proficient in programming and scripting languages such as Python, Ruby, JavaScript, or similar
• Experienced in Linux systems management (e.g., AmazonLinux, Ubuntu, RHEL) and cloud environment (e.g., AWS, Azure, Google Cloud) configuration and management
• Hands-on experience with application security tools (e.g., Burp Suite, OWASP ZAP, GitHub Advanced Security) and CDN platforms (e.g., Fastly, Akamai, AWS CloudFront)
• In-depth knowledge of secure coding practices, OWASP Top 10, and common attack vectors
• Strong understanding of vulnerability management frameworks and tools (e.g., Crowdstrike, Qualys, Rapid7)
• Ability to convey complex security concepts to technical and non-technical audiences

• Prior experience at a SaaS-based company or startup
• Relevant certifications such as CISSP, OSCP, CEH, or GIAC

• Competitive salary + Equity
• Outstanding Medical and Dental benefits, including 100% employer-paid options
• Company-paid Life and Disability insurance
• Optional vision and supplemental insurance options, and various Flexible Spending Accounts (FSA)
• Open Paid Time Off policy + 12 weeks of paid leave for new parents
• Matching 401(k) plan (5% up to $5,000 yearly)
• Monthly home working/digital lifestyle stipend, new MacBook, and one-time accessory reimbursement
• Access to company-paid professional coaching service
• Visits to HQ in Durham, North Carolina for remote employees

#LI-AE1

Spreedly is an equal opportunity employer. We are committed to fostering, cultivating, and preserving a culture of diversity, equity, inclusion, and belonging. We actively work to drive out even unintentional discrimination in our hiring processes via practices like blindly graded work samples, structured interviews, and diversity awareness training.

Due to the sensitive nature of what Spreedly does - handling payment data - finalist candidates must complete a successful background and reference check.

At this time Spreedly is unable to provide sponsorship for employment, and we are not set up to support remote employees who reside in California or New York. In order to be considered for employment, applicants must be currently legally authorized to work in the job location country and not require future sponsorship in order to continue working in that country.

We appreciate your interest in our company. Because of the high volume of resume flow, we may only respond to those candidates that we think will be a potential fit.