Senior Security Engineer

About AutoFi

AutoFi is the leading provider of digital commerce technology that powers the sales and finance experiences for the most innovative brands and dealers in automotive. The AutoFi platform enables a more transactional buying experience with $4B in funded loans processed through AutoFi annually. AutoFi’s dynamic selling platform empowers dealers to sell vehicles more efficiently and profitably, both online and in the showroom. We are funded for years of future growth and backed by investors including Crosslink Capital, Santander Holdings USA, SVB Financial Group, Ford, BMW iVentures and JP Morgan Chase.

Our team is diverse - spread out across the U.S. and Canada, we have backgrounds from finance and technology as well as deep experience in all areas of the auto space. We’re empathetic, gritty, curious, and humble owners of this business and are supported by some of the biggest names in the auto and financial industries as commercial partners. We’ve never been more excited about the opportunity in front of us to help transition the auto industry from offline to online. If changing a trillion-dollar industry sounds exciting, we’d love to hear from you.

For more information, visit www.autofi.com.

About the Role:

AutoFi is looking for a passionate and driven Senior Security Engineer.  You will work closely with development teams, product managers, and third-party groups to ensure AutoFi’s products, services, cloud environments, internal systems, and vendor ecosystem are secure.

You will contribute to secure design reviews, application security standards, vulnerability management, security monitoring, incident response, threat hunting, and third-party security assessments. This role is ideal for someone who is comfortable working across both proactive and operational security functions in a fast-paced environment.

• 
  

  Define, implement, and maintain security practices, standards, and controls across AutoFi’s products, services, cloud environments, and internal systems.

  
  


• 
  

  Partner with engineering and product teams to conduct security design reviews for new features, architecture changes, sensitive workflows, and production-bound implementations.

  
  


• 
  

  Design and implement security standards and secure development practices across engineering teams. 

  
  


• 
  

  Champion security-related activities throughout the software development lifecycle, including secure design, threat modeling, secure coding practices, security testing, and risk-based remediation. 

  
  


• 
  

  Implement, operate, and improve DevSecOps tooling and processes, including SAST, DAST, SCA, secret scanning, dependency analysis, and other application security controls. 

  
  


• 
  

  Assess infrastructure, web applications, and cloud  environments to help identify, prioritize, and drive remediation of security risks.

  
  


• 
  

  Triage vulnerability findings from application security tools, penetration tests, vendor assessments, external reports, and internal reviews.

  
  


• 
  

  Conduct proactive threat hunting using available telemetry from cloud environments, application logs, WAF events, identity systems, endpoint signals, and security platforms.

  
  


• 
  

  Support continuous improvement of AutoFi’s security operations processes, including alert tuning, detection logic, workflow automation, and post-incident lessons learned.

  
  


• 
  

  Assist in defining, implementing, and maintaining third-party risk management policies, procedures, standards, and assessment workflows.

  
  


• 
  

  Conduct and support vendor security assessments

  
  


• 
  

  Identify, document, and help reduce risks related to third-party vendors, SaaS platforms, integrations, service providers, and business partners.

  
  

• 
  

  6+ years of experience in security engineering, application security, cloud security, security operations, or a related security function.

  
  


• 
  

  Experience designing and implementing security controls for modern SaaS, cloud, web application, and API environments.

  
  


• 
  

  Hands-on experience with application security practices, including secure design reviews, threat modeling, secure code review, vulnerability assessment, and OWASP-based testing methodologies.

  
  


• 
  

  Strong understanding of SAST, DAST, IAST, and SCA tooling

  
  


• 
  

  Experience with web & cloud security controls/frameworks

  
  


• 
  

  Familiarity with network and web application protocols (HTTP/S, SAML 2.0, OAuth, Rest APIs)

  
  


• 
  

  Experience with SIEM platforms, alert triage, security investigations, detection workflows, and incident response procedures.

  
  


• 
  

  Familiarity with indicators of compromise, indicators of attack, threat hunting techniques, and incident escalation processes.

  
  


• 
  

  Industry experience building data-driven applications with Javascript, Node.js, and NoQSL. 

  
  


• 
  

  Minimum BS/BA in Cybersecurity, Information Security, Computer Science, or relevant degree, with the ability to demonstrate sophisticated logical thought processes.

  
  


• 
  

  Ability to communicate security risks clearly to engineering, product, compliance, business, and executive stakeholders.

  
  


• 
  

  Comfortable operating in a fast-paced environment with evolving priorities and shared ownership across multiple security domains.

  
  

• 
  

  Experience with common threat modeling frameworks (STRIDE, DREAD, etc).

  
  


• 
  

  Experience with cloud-based Web Application Firewall solutions and web application protection strategies.

  
  


• 
  

  Familiarity with CNAPP, CSPM, CWPP, container security, runtime security, or cloud workload protection platforms.

  
  


• 
  

  Experience with source code security platforms such as GitHub Advanced Security or similar tools.

  
  


• 
  

  Experience conducting proactive threat hunting across cloud, identity, endpoint, network, SaaS, and application telemetry.

  
  


• 
  

  Familiarity with ethical hacking and penetration testing tools & methodologies.

  
  


• 
  

  Experience with AWS security best practices and native controls & services.

  
  


• 
  

  Prior Automotive or FinTech experience.

  
  

What's in it for you:

- We offer full training and a competitive total rewards package along with great benefits

- Medical, Dental & Vision coverage - 100% premium coverage for employee / 50+% for dependents

- Flexible work hours

- Remote environment

- Competitive pay

- Visionary leadership team

- Growth opportunities within a dynamic culture

- Wellness & cultural initiatives (fitness challenges, wellness webinars, virtual games, regional activities, etc.)

- Up to $1K per year for employee professional development

- Stock options - we are all owners!

Individual compensation decisions are based on a number of factors, including the candidate’s experience and qualifications and local market conditions. Please note, the foregoing salary range does not reflect an employee’s total compensation package, which may include bonus, company equity, and health benefits.

AutoFi is an equal opportunity employer.  Individuals seeking employment are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, gender identity or other protected status under all applicable laws, regulations, and ordinances.

Personal Information submitted as part of your application is subject to our website privacy policy, located at https://www.autofi.com/privacy-policy/

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.