Atomic Financial

At Atomic we're focused on building an incredible business while also having a huge social impact. Financial struggles are a leading cause of stress for people around the world. Our business is helping solve those financial issues for the most vulnerable people in our society. We work with 11 of the top neobanks in the country and have successfully raised from some of the best financial technology investors in the world including Greylock, Core Innovation Capital, and Portage. We are working to build a diverse organization and are excited to accept field applications from any and all candidates that feel they would be a good fit for this role. We're looking to fill multiple roles in security (and others). We're looking for a Senior Application Security Engineer. This position will analyze software architecture and SDLC to ensure security best practices and our compliance controls are followed. The engineer will also help find and resolve security issues in code and processes. The team is responsible for core software architecture, platform systems, ensuring the ability to scale rapidly, infrastructure stability, and act as a force multiplier to our other engineers through improving DevX. Responsibilities include: - Perform code reviews in Typescript and Go to locate vulnerabilities and demonstrate severity by writing proof-of-concept exploits. - Participate in architecture decisions - Address OWASP and general security best practices in our application - Helping level up other software engineers in secure coding practices - Backend software development in more sensitive components of our application. If this sounds interesting to you, please apply at. We're also looking to hire a Senior Platform Security Engineer. Our team helps guide core software architecture and ensures platform reliability, stability, and security. Our goal is to act as a force multiplier and push forward the development organization and lifecycle. Responsibilities include: - Defining our security and compliance controls and ensuring our infrastructure follows those - Understanding of threat modeling concepts and frameworks such as MITRE ATT&CK, STRIDE, etc. to better test our infrastructure for vulnerabilities and prepare for possible attacks - Assessing security tools (particularly open-source tools) and extending our CI/CD process with automatic security scanning for vulnerable dependencies, static code analysis, and compliance checks - Triaging and managing vulnerabilities identified through scanning and manual efforts - Providing actionable and constructive feedback to level up our other engineers knowledge around cloud security. If this sounds interesting to you, please apply at