Overview
About The Company
Founders today are building global companies from day one — but the systems that manage their money were built for a different era. Aspire exists to change that!
We’re building the financial operating system for global founders, bringing banking, software, and automation into a single platform so businesses can move faster across borders and stay focused on building.
Aspire is built by people who think from first principles, care deeply about solving hard problems, and take real ownership of their work. Our team brings global experience from leading fintech and technology companies, and many of us are former founders and operators who understand what it takes to build thoughtfully, make trade-offs, and deliver at scale in a global environment.
Backed by leading global investors including Y Combinator, Peak XV, and Lightspeed, Aspire has been trusted by more than 50,000 startups and growing businesses worldwide to manage their finances since 2018. Together with partners like J.P. Morgan, Visa, and Wise, we’re building for the next generation of global companies.
About The Team
At Aspire, we recognize that data and infrastructure security are paramount to the success and trust of our customers. Our Security Team is at the forefront of protecting and securing our systems, ensuring compliance with industry best practices, and continuously learning and evolving to stay ahead of emerging threats. Our emphasis extends to data privacy, seamlessly integrating it into our security initiatives.
About The Role
Key Responsibilities:
- AppSec Program Management: Build and maintain end-to-end security testing processes, managing the Responsible Disclosure Policy and coordinating remediation with engineering teams.
- DevSecOps Implementation: Integrate SAST, SCA, and Secret Detection into the CI/CD pipeline (GitHub) and develop custom automation to prevent data leaks.
- Cloud & Infrastructure Security: Manage CSPM tools (Orca) and WAF (Cloudflare), conduct AWS infrastructure reviews, and perform internal network penetration tests.
- Vulnerability Management: Identify and resolve critical vulnerabilities (including LLM-specific risks) and patch Docker/application dependencies.
- Monitoring & Compliance: Build security dashboards to track KPIs, automate PII detection in logs, and support ISO/SOC2 audits with technical evidence.
- External Penetration Testing: Scope, manage, and coordinate external penetration testing engagements with third-party vendors, communicating findings and tracking remediation to closure.
Requirements:
- Education & Experience: Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience. 3+ years of hands-on experience in Application Security, Product Security, or Cloud Security.
- Web Application Security: Deep understanding of web application vulnerabilities (OWASP Top 10, CWE/SANS Top 25) with the ability to identify, exploit, and remediate issues such as SQL Injection, XSS, IDOR, and other Access Control flaws.
- Cloud Security (AWS): Strong experience securing AWS environments. Proficiency with IAM, Security Groups, NACLs, and conducting infrastructure security reviews.
- DevSecOps & Automation: Experience implementing security in the CI/CD pipeline (e.g., GitHub Advanced Security, SAST, SCA). Proficiency in scripting (Python, Bash, or Go) to build custom security tools, log monitoring automations, or pre-commit hooks.
- Container Security: Hands-on experience with Docker/Kubernetes security, including identifying and patching vulnerabilities in container images and dependencies.
- Tooling: Experience managing security tools such as CSPM (e.g., Wiz), WAF (e.g., Cloudflare), and vulnerability scanners.
- Collaboration: Proven ability to work cross-functionally with Product Managers, DevOps, and Engineering teams to prioritize and drive security remediation without blocking releases.
- LLM & GenAI Security: Experience threat modeling Generative AI workflows (prompt injection and related attacks on LLM-backed features) and securing AI/ML integrations.
- Advanced Cloud Networking: Experience configuring WAF rules, rate limiting, and bot protection (specifically Cloudflare) to mitigate DDoS and abuse.
- Compliance & GRC: Familiarity with compliance frameworks such as ISO 27001, SOC2, or PCI-DSS, and experience collecting technical evidence for audits.
- Program Management: Experience running a Bug Bounty or Responsible Disclosure program and coordinating with external researchers.
- Certifications: Industry-recognized certifications such as OSCP, OSWE, CISSP, or AWS Certified Security – Specialty.
- Threat Modeling: Experience conducting threat modeling sessions for complex features and architectural reviews.