Principal Information Security Engineer

Self Financial is a venture-backed, high-growth FinTech company with a mission to increase economic inclusion and financial resilience by empowering people to build credit and build savings. We're looking for people who share our passion and are driven to tackle challenges, find solutions and make the financial space better for the communities we serve. Our team is passionate about challenging the status quo of the credit industry by providing people accessible tools to take control of their credit. Executing on our mission requires deep collaboration across our teams to ensure our products reach the people who can benefit from them the most, particularly the 100 million+ Americans who have no or low credit. We celebrate diversity and are committed to creating an inclusive environment for all employees. To that end, we seek to recruit, develop and retain the most talented people from a diverse candidate pool. Role Summary The Principal Information Security Engineer leads cybersecurity operations and defense across all Self products and infrastructure. This role is instrumental in protecting customer data, ensuring compliance with SOC 2 and PCI requirements, and partnering closely with engineering and IT teams to detect, investigate, and respond to security threats. The ideal candidate brings deep expertise in security operations, threat detection, and incident response, along with hands-on experience building and evolving effective security capabilities. What You Will Do Own end-to-end cybersecurity operations, including threat detection, incident response, and vulnerability management across all Self products and infrastructure Build, tune, and maintain detection capabilities within a SIEM platform to identify threats, anomalies, and policy violations Operate and optimize endpoint detection and response (EDR) solutions, including alert triage, threat hunting, and containment Manage cloud security posture, including misconfiguration identification, risk prioritization, and remediation tracking Administer and optimize secure access and web security platforms, including data loss prevention policy enforcement, shadow IT visibility, and web threat protection Design, manage, and optimize network security controls and cloud-native networking to enforce zero-trust principles and secure perimeter defenses. Lead incident response efforts, from detection through containment, eradication, and post-incident review Conduct proactive threat hunting across endpoint, network, and cloud environments Propose and implement scalable security processes that improve operational efficiency and reduce manual effort Partner with engineering and infrastructure teams to remediate critical security findings and reduce attack surface Lead and perform third-party vendor security reviews and risk assessments Support SOC 2 and PCI compliance efforts, including audit preparation and evidence collection Identify security risks across the environment and recommend mitigation strategies Monitor emerging cybersecurity threats and translate them into actionable detection and prevention controls Who You Are 12+ years of experience in cybersecurity, security operations, or information security engineering Hands-on experience with security monitoring and log analysis platforms for detection engineering Proficiency with endpoint detection and response tools for threat detection and investigation Experience using cloud security posture management tools for cloud security visibility and risk remediation Hands-on experience with CASB/SSE platforms for data loss prevention, shadow IT visibility, and secure web access Solid understanding of network security, cloud security, and identity and access management Experience with vulnerability management programs and remediation workflows Strong understanding of adversary tactics, techniques, and procedures (TTPs) and how they apply to modern environments Strong background in incident response, including investigation, containment, and root cause analysis Experience supporting or operating within SOC 2 and PCI compliance environments Ability to partner effectively with engineering and infrastructure teams to drive security outcomes Strong risk assessment, prioritization, and communication skills Preferred Qualifications Experience performing third-party vendor security assessments Familiarity with cloud-native architectures and container security Prior experience in fintech, regulated industries, or environments handling sensitive customer data Experience with threat intelligence platforms and integrating feeds into detection workflows Security certifications such as CISSP, CISM, GCIA, GCIH, GCED, or equivalent experience Base salary range: $ 180,000-210,000 annually.  Individual pay is based on factors unique to each candidate, including skill set, experience, and other job-related reasons.  Benefits and Perks: We have the compensation and benefits you expect. But there's one thing that Self Financial can offer that many companies cannot: we can positively change the world, while making a profit. We are a team of Builders, empowering our customers to build their dreams. We have a Do the Right Thing ethos in all that we do, and we hope you value that approach, too.  Our perks include: Company equity in the form of Stock Options Performance-based bonuses Generous employer-paid health, vision and dental insurance coverage Flexible vacation policy Educational assistance Free gym membership Casual dress code Team building events and activities Remote work arrangements/ flexible work schedule Paid parental leave  Self Financial requires all employees hired to successfully pass a background check. We are an Equal Opportunity Employer. At this time, we are only able to consider applicants who are U.S. Citizens or Green Card Holders for employment opportunities. We appreciate your understanding. Offices: (Austin); Remote (Remote);