Key skills
TypeScriptPythonC++CGoRustAILLMAWSEKSRDSIAMDatadogCommunicationSnykPenetration Testing
About this role
SentiLink provides innovative identity and risk solutions, empowering institutions and individuals to transact with confidence. The Principal Information Security Engineer will lead and elevate security across SentiLink’s infrastructure, applications, and internal systems, focusing on building scalable security foundations while enabling the business to move quickly and safely.
Responsibilities:
- Design and build internal security tooling from scratch, including agent-based security tooling, code analysis tooling, dynamic scanning, and security assessment tools
- Identify vulnerabilities across SentiLink's AWS-based stack, including application code, cloud service configurations, and integrations between the two
- Develop AI-assisted and agent-based tooling to scale offensive security testing beyond what a small team can do manually
- Build and maintain security automation that improves detection, response, and remediation across the organization
- Conduct hands-on penetration testing and vulnerability research against SentiLink's infrastructure and applications
- Partner with engineering teams to remediate findings and embed security into the development process without slowing them down
- Participate in the security on-call rotation, including incident response and regular response testing
- Contribute to threat modeling and security design reviews for new systems, with a focus on cloud integrations and identity flows
- Stay current on offensive security techniques, AI-assisted security tooling, and emerging attack patterns relevant to fintech and identity verification
Requirements:
- 8+ years of experience in security engineering, software engineering with a security focus, or closely related roles
- Proficient in at least one systems language (Go, Rust, C++) and at least one higher-level language (Python, TypeScript)
- Proven ability to design and ship production software end-to-end
- Deep AWS infrastructure expertise, including IAM, EKS, RDS, networking, and managed services
- Demonstrated ability to identify security misconfigurations and vulnerabilities across cloud architectures, application code, and the integrations between them
- Experience conducting or building tooling for penetration testing, vulnerability assessment, or red team activities
- Track record of building security automation and tooling from scratch
- Comfortable operating independently on ambiguous problems without heavy process or oversight
- Strong communication skills and the ability to partner with engineers who are not security specialists
- Experience building or deploying LLM-based agents or AI-assisted security tooling
- Prior experience at a security product company (Wiz, Snyk, Datadog, etc.) or other security-forward engineering org
- Prior fintech, identity, or fraud detection experience
- Industry certifications (OSCP, OSCE, GPEN, GXPN)
- Experience with detection engineering or SIEM platforms
- Published security research, CVEs, or open source security tooling contributions
- Experience supporting compliance frameworks (FedRAMP, SOC 2, PCI DSS) without it being their primary focus