Senior Information Security Engineer
Listed on 2026-02-22
IT/Tech
Cybersecurity, Systems Engineer
Life at MX
We are driven by our moral imperative to advance mankind - and it all starts with our people, product and purpose. We always carry a deep sense of drive and passion with us. If you thrive in a challenging work environment, surrounded by incredible team members who will help you grow, MX is the right place for you.
Come build with us and be part of an award-winning company that’s helping create meaningful and lasting change in the financial industry.
Role Overview
The Senior Security Engineer is a senior individual contributor role focused on being the primary hands‑on builder, technical lead, and implementer of MX's security program. This position is designed for a self-starting technical lead with deep execution expertise in ubiquitous shift‑left security, application protection, and automated risk reduction. In addition to the focus on shift‑left security, this role will have Web Application and API Protection (WAAP) and Network Security focuses to drive widespread adoption of secure practices across engineering teams.
Reporting directly to the Director of Security Architecture and Engineering, and working closely with Cloud & Product Security Architecture to execute defined designs, the Senior Security Engineer leads the deployment, automation, and maturation of security controls. They serve as the go‑to technical expert for implementation, troubleshoot complex issues, mentor engineers organization‑wide, and champion best practices to embed security deeply into infrastructure, platforms, and application workflows.
This role influences Cloud Engineering, DevOps, Platform, Application Development, and Security Operations teams to operationalize secure‑by‑design principles while maintaining alignment with compliance and risk requirements.
Application & API Security
- Serve as the primary hands‑on builder for Fastly Next‑Gen WAF (Signal Sciences) across all production environments to mitigate web‑based attacks with low false positives.
- Lead the deployment and tuning of Cequence Unified API Protection for API discovery, behavioral abuse detection, and real‑time runtime enforcement.
- Standardize API security patterns across the organization, ensuring deep visibility into shadow APIs and automated blocking of malicious traffic.
- Partner with application teams to integrate threat modeling and security requirements into the design phase of new features.
- Detect and prevent credential‑stuffing attacks, ensuring Security Engineering is First‑To‑Know (FTK).
- Implement and mature policy‑as‑code frameworks (OPA/Rego or equivalents) tied to organizational guardrails.
- Enforce strict CI/CD quality gates that block critical and high‑severity vulnerabilities from reaching production using SAST/SCA tools like Snyk, Semgrep, or CodeQL.
- Drive integration of security scanning tools (IaC, containers, secrets, dependencies, SBOM) into CI/CD pipelines and evangelize shift‑left practices to development teams.
- Train and enable engineers to build securely from the start, reducing misconfigurations at the source.
- Deploy and manage AWS Network Firewall & Suricata IPS/IDS rules (or similar, e.g. PAN) as code through Terraform to protect ingress, egress, and east‑west traffic.
- Implement and maintain advanced network security controls, including VPC Service Controls and hierarchical policies.
- Develop and tune detection rules for Network Security Services, partnering with the SIEM owner; support threat hunting and incident investigations.
- Implement and enforce security controls for Kubernetes clusters (EKS, GKE, or self‑managed), including cluster hardening, admission controls, and network policies.
- Drive system hardening across container layers: secure base images, runtime protection (e.g., CrowdStrike), image signing/verification, and vulnerability management.
- Integrate container security scanning (image vulnerability, misconfiguration, SBOM) into build pipelines; enforce runtime protections and least‑privilege for workloads.
- Develop and automate guardrails for Kubernetes configurations using…