Coinflow Labs Payments

Introduction:
A payment solution that allows web3 companies to accept traditional payment methods.
#Security·Engineer #Engineering
Responsibilities:
1️⃣ SIEM & SecOps Dashboard: Stand up and operate our SIEM. Build out the SecOps dashboard that gives engineering, compliance, and leadership a real-time picture of our security posture — alerts, anomalies, auth events, infrastructure changes, and audit-ready evidence in one place.
2️⃣ Internal Penetration Testing: Run continuous internal pentests against Coinflow services, APIs, infrastructure, and embedded SDKs. Use Claude Security and Claude Code to scale your coverage — automate reconnaissance, fuzzing, code review, and exploit development. Document findings, drive remediation, and measure mean-time-to-fix.
3️⃣ Vulnerability & Dependency Management: Own the vulnerability lifecycle end-to-end. Triage CVEs across our npm, cargo, and other ecosystems. Build the automation that keeps packages patched without breaking production — including Dependabot tuning, lockfile hygiene, and gated auto-merge for low-risk upgrades.
4️⃣ Secure Development Lifecycle: Monitor and improve how we ship code. Define secure-by-default patterns for new services, review threat models for high-risk changes, integrate SAST/DAST/secret scanning into CI, and make the secure path the fast path for engineers.
5️⃣ Compliance Partnership: Work alongside our compliance function to produce the evidence, controls, and monitoring artifacts that PCI DSS, SOC 2, ISO 27001, and DORA auditors need — without turning engineering into a paperwork shop.
Requirements:
1️⃣ 4+ years in a security engineering, product security, or DevSecOps role, ideally at a fintech, payments company, or other regulated environment
2️⃣ Strong hands-on offensive skills — you've broken real systems, not just run scanners. Comfortable with web app, API, cloud, and infrastructure pentesting
3️⃣ Production experience operating a SIEM (Datadog, Splunk, Elastic, Panther, or similar) and building dashboards that engineers actually use
4️⃣ Fluency in TypeScript/Node and at least passing comfort with Rust, Go, or Python — enough to read our code, find bugs in it, and write the tooling to find more
5️⃣ Experience with vulnerability management at scale: CVE triage, SCA tooling, dependency upgrade automation
6️⃣ Comfort working with AI-native tooling (Claude Code, Claude Security, or similar) as a daily driver — or genuine excitement to start
7️⃣ A bias toward shipping. We'd rather have a working v1 of a control today than a perfect v3 next quarter.
Apply:
More Info:
Website | Global Channel | Korean Channel | Discord | Support