Security Engineering Manager (Associate)

Requirements

• 8+ years in application security, DevSecOps, or security engineering with strong hands‑on depth
• Tech lead, team lead, or early management experience — with a clear desire to grow into engineering management and openness to being coached
• Track record of leading technical initiatives end‑to‑end: scoping, executing, and rollout
• Strong understanding of cloud security across at least one major provider (GCP preferred; AWS or Azure transferable), with multi‑cloud experience as a plus
• Experience with security tooling: CNAPP/CSPM platforms, vulnerability scanners, SAST/DAST, dependency scanning, and penetration testing coordination
• Familiarity with cloud‑native technologies (Kubernetes, CI/CD pipelines, Infrastructure as Code) sufficient to embed security controls into modern delivery pipelines
• Familiarity with AI security — LLM security risks, adversarial testing, secure integration patterns
• Active user of AI‑assisted development tools (Claude, Copilot, Cursor, or similar)
• Track record of driving outcomes using metrics, OKRs, or KPIs
• Systems and outcomes mindset — able to prioritize the work that matters most and say no to the rest
• Effective communicator across engineering, product, and leadership audiences — including framing risk in business terms for non‑security audiences
• (Desirable) Experience working in regulated environments
• (Desirable) Exposure to incident response coordination at scale, including post‑mortem leadership
• (Desirable) Background in threat modeling programs at engineering org scale
• (Desirable) Experience supporting AI/ML workloads from a security angle (model supply chain, prompt injection defenses, agent guardrails)
• Not sure if you meet all the requirements for this role? Please apply anyway. You might bring something special to the team that we hadn't considered previously

What the job involves

• Lead Product Security at Taxfix - a fintech platform serving millions of users
• You’ll own the security function end‑to‑end: strategy, tooling, and a small but growing team (currently two Security Engineers)
• This role is part hands‑on security engineering and part emerging people leadership
• You’ll build alongside your team while growing into an engineering management role, with structured coaching and support from your senior manager
• Lead and grow the team
• Hire, coach, and develop Security Engineers — run meaningful 1:1s, set development goals, and actively manage performance
• Build a high‑performance team culture rooted in psychological safety, ownership, and continuous improvement
• Champion AI adoption within the team — encourage AI‑assisted workflows for security work (threat modeling, detection engineering, vulnerability triage) and continuously raise the bar on how AI is used to improve productivity
• Evaluate capacity, balance reactive vs. proactive security work, and advocate for the resources your team needs
• Own delivery and security posture
• Own the team's outcomes against OKRs: prioritize effectively, track progress with metrics, and delegate without micromanaging
• Own the technical direction for Product Security: application security, AI security, cloud security posture
• Ensure rigorous vulnerability management, incident response, and security‑in‑SDLC practices
• Shape security strategy
• Partner with Technical Leadership and Architecture to align security work with the broader technology strategy
• Own and evolve the security tooling stack: driving consolidation and effectiveness across the Taxfix group
• Support AI security needs: LLM security risks, adversarial testing, secure integration patterns, and AI threat modeling
• Evaluate technical trade‑offs: balancing risk, cost, developer experience, and delivery speed, and communicate them clearly to stakeholders, framing impact in business terms, not just technical severity
• Partner across the org
• Bridge your team and its stakeholders: Product Engineering, AI Engineering, Platform, Data, and Architecture — embedding security early in the development lifecycle
• Align priorities with peer EMs across Platform Engineering
• Proactively surface blockers, manage dependencies, and keep information flowing
• Communicate security posture, risks, and trade‑offs clearly to engineering leadership and, where relevant, to compliance, legal, and executive stakeholders