Senior Security Engineer, Information Security Operations

About Trust Science

Trust Science® is a licensed credit bureau serving alternative and prime lenders across North America. We use AI/ML-powered credit scoring, alternative and traditional data aggregation, and SaaS-based decisioning technology to help lenders make better lending decisions.

We believe: Better Data = Better Decisions = Better Outcomes.

Security, privacy, and compliance are foundational to our business. As we continue to grow, we are looking for a hands-on Senior Security Engineer to help strengthen, operate, and continuously improve our security and compliance practices.

About the Role

We are looking for a Senior Security Engineer, Information Security Operations to play a key role in our information security, privacy, and compliance program.

This is a practical, hands-on security operations role. Reporting directly to the CISO, you will work closely with our development teams, infrastructure/operations teams, and business stakeholders to ensure that security controls are implemented, monitored, documented, and continuously improved.

You will be involved in security operations including, but not limited to: cloud security, endpoint security, vulnerability management, security monitoring, incident response, compliance support, and technical risk management (vulnerability analysis and penetration testing experience is desirable).

The ideal candidate is someone who has strong security fundamentals, enjoys solving real-world problems, and is comfortable working in a growing SaaS/fintech environment where security needs to be both rigorous and practical.

What You’ll Do

In this role, you will support and lead activities such as:

• Configure, manage, and continuously improve security tools including EDR, XDR, CASB, CSPM, DLP, MDM, SIEM, and related platforms
• Support and enhance AWS cloud security controls, monitoring, configurations, and documentation
• Monitor and investigate security alerts, perform triage, and support incident response activities
• Conduct or coordinate vulnerability assessments, penetration testing, remediation tracking, and follow-up
• Conduct or coordinate phishing simulation / BEC testing, remediation tracking, and follow-up
• Perform root-cause analysis and document findings, risks, corrective actions, and lessons learned
• Support disaster recovery and incident response planning / testing for cloud-centric environments
• Work with development and infrastructure teams to embed security controls into the SDLC, CI/CD, deployment, and operational processes
• Help ensure security controls align with internal policies, standards, and procedures
• Support compliance activities related to SOC 2 Type 2, ISO 27001/27002, PCI-DSS, client security requirements, and related frameworks
• Maintain clear and audit-ready security documentation
• Participate in security tool evaluations, implementations, and process improvements
• Provide practical internal guidance on security risks, technical controls, and remediation priorities
• Help strengthen security awareness and a security-first culture across the organization
• Explore opportunities to use automation and AI/ML to improve security operations and threat detection

What You Bring

We are looking for someone with:

• 5+ years of experience in information security, security engineering, security operations, cloud security, or a related technical security role
• Strong hands-on experience with AWS security in a cloud or SaaS environment
• Experience configuring or managing tools including, but not limited to: Microsoft / Azure EDR, XDR, CASB, CSPM, DLP, PAM, MDM, and SIEM Zscaler experience is desirable.
• Experience with vulnerability assessments, penetration testing, follow-up, remediation tracking, and security event monitoring / escalation
• Experience supporting incident detection, incident response, root-cause analysis, and disaster recovery activities
• Familiarity with compliance frameworks such as SOC 2, ISO 27001, PCI-DSS, and related audit expectations
• Experience working with development, DevOps, infrastructure, or operations teams to implement security controls
• Strong documentation skills and the ability to translate technical security work into clear evidence for audits, reviews, and internal stakeholders
• Comfort working in a growing company where you may need to both design improvements and execute the details
• Strong judgment, curiosity, collaboration skills, and a practical risk-based mindset

Nice to Have

The following would be considered assets:

• AWS security certification or other relevant cloud/security certifications
• Experience in fintech, financial services, credit bureau, lending, or other regulated environments
• Experience with GCP in addition to AWS
• Experience integrating security tooling with SIEM platforms
• Experience applying automation or AI/ML to cybersecurity practices
• Experience supporting external audits or client security assessments
• Experience with secure SDLC, DevSecOps, CI/CD security, or application security
• Experience training or coaching internal teams on security best practices

The Kind of Person Who Thrives Here

You are someone who:

• Has strong security fundamentals and is not “above” the details
• Enjoys rolling up your sleeves and solving practical problems
• Can balance security, business needs, and operational reality
• Works well with developers, infrastructure teams, business leaders, and auditors
• Communicates clearly and calmly, especially when dealing with risk or incidents
• Is comfortable building, improving, and documenting systems rather than only maintaining mature ones
• Brings a collaborative, service-oriented approach to security
• Appreciates the demands of a fast-paced, disruptive firm.
• Wants to grow with a company where security, privacy, and compliance are critical to customer trust

Why Join Trust Science?

At Trust Science, you will have the opportunity to make a meaningful impact in a growing fintech company where security is central to how we serve our customers.

You will work closely with experienced leaders and technical teams, contribute to security and compliance practices that support our North American platform, and help protect data, systems, and customers in a business that uses technology for better credit decisioning outcomes.

Work Location: Remote