About Us:
Spreedly is the world's leading Open Payments Platform, sitting at the center of a network processing more than $50b of GMV annually. Spreedly's Payments Orchestration platform enables and optimizes digital transactions with the world’s most complete payment services marketplace. Built on Spreedly’s PCI-compliant architecture, our Advanced Vault solution combines a modern feature-set with rule-based configurations to optimize the vaulting experience for all stored payment methods. Global enterprises and hyper-growth companies grow their digital business faster by relying on our payments platform. Hundreds of customers worldwide secure card data in our PCI-compliant vault and use tokenized card data to enable and optimize over $45 billion of annual transaction volumes with any payment service.
Our vision is that the world is better with a diversified, inclusive payment ecosystem. Our mission is to accelerate commerce with an open, secure, and flexible payment platform that welcomes all payment participants. Our employees help us execute our vision by building a culture focused on autonomy, transparency, and collaboration in a dynamic, high-growth organization.
Product Offering:
Spreedly provides an open payments platform. The platform’s connectivity provides payments performance. Key products and services include:
Payment Gateway Integration: Connects merchants, platforms, and marketplaces to multiple payment gateways and payment services.
Tokenization: Securely stores and manages payment data with a universal tokenization service.
Transaction Routing: Enables intelligent routing of transactions to optimize success rates and costs.
Payment Vault: A secure storage solution for sensitive payment information.
Fraud Tools Integration: Integrates with various fraud prevention tools to enhance transaction security.
About the Role:
As a Senior Cybersecurity Engineer at Spreedly, you will be a crucial member of Spreedly's Information Security Team within the Engineering department. Reporting directly to the Chief Information Security Officer, you will actively contribute to the ever-expanding body of work that is Information Security at Spreedly, fortifying our systems, networks, and data against evolving cyber threats.
This senior position provides a unique opportunity for a seasoned professional to bring expertise in security operations. You will run various security efforts ensuring the confidentiality, integrity, and availability of Spreedly’s data, specifically focused on securing our applications, content delivery network (CDN), and managing vulnerabilities across our technology stack. Your role is integral to supporting the overall security posture of our organization as we continue to innovate and grow.
Responsibilities:
Perform comprehensive security assessments of applications, including static and dynamic code analysis, threat modeling, and penetration testing
Coordinate Spreedly’s penetration testing program working with internal and external stakeholders
Collaborate with development teams to integrate security into the software development lifecycle (SDLC) and advocate for secure coding practices
Implement and manage application security tools, such as WAF, SAST, DAST, and RASP solutions
Develop and maintain secure design and coding standards
Design and implement security measures for CDNs to protect against DDoS attacks, data breaches, and other threats
Monitor CDN configurations to ensure optimal performance and robust security
Work closely with infrastructure, IT Security, and DevOps teams to monitor and respond to security incidents
Manage vulnerability scans and the remediation lifecycle, prioritizing vulnerabilities based on risk
Work across multiple teams to ensure timely patching and mitigation of security gaps
Develop and maintain metrics and reporting to track the effectiveness of vulnerability management programs
Conduct security monitoring activities, learning to evaluate system and network behaviors to detect and respond to potential security threats
Act as the subject matter expert for incident response efforts for application and CDN-related security incidents, including root cause analysis and remediation
Mentor team members and provide expertise to other teams within the organization
Collaborate with compliance teams to ensure adherence to regulatory and industry standards such as PCI-DSS, SOC 2, ISO 27001, and others
Stay updated on the latest security trends, threat intelligence, vulnerabilities, and attack vectors relevant to the organization’s technology
Requirements:
5+ years of experience in cybersecurity, with a focus on application security, CDN security, and vulnerability management
Proficient in programming and scripting languages such as Python, Ruby, JavaScript, or similar
Experienced in Linux systems management (e.g., Amazon Linux, Ubuntu, RHEL) and cloud environment (e.g., AWS, Azure, Google Cloud) configuration and management
Hands-on experience with application security tools (e.g., Burp Suite, OWASP ZAP, GitHub Advanced Security) and CDN platforms (e.g., Fastly, Akamai, AWS CloudFront)
In-depth knowledge of secure coding practices, OWASP Top 10, and common attack vectors
Strong understanding of vulnerability management frameworks and tools (e.g., CrowdStrike, Qualys, Rapid7)
Ability to convey complex security concepts to technical and non-technical audiences
Additional Skills We Value:
Prior experience at a SaaS-based company or startup
Relevant certifications such as CISSP, OSCP, CEH, or GIAC
We Offer Our US-Based Employees:
Competitive salary + Equity
Outstanding Medical and Dental benefits, including 100% employer-paid options
Company-paid Life and Disability insurance
Optional vision and supplemental insurance options, and various Flexible Spending Accounts (FSA)
Open Paid Time Off policy + 12 weeks of paid leave for new parents
Matching 401(k) plan (5% up to $5,000 yearly)
Monthly home working/digital lifestyle stipend, new MacBook, and one-time accessory reimbursement
Access to company-paid professional coaching service
Visits to HQ in Durham, North Carolina for remote employees
Spreedly is an equal opportunity employer. We are committed to fostering, cultivating, and preserving a culture of diversity, equity, inclusion, and belonging. We actively work to drive out even unintentional discrimination in our hiring processes via practices like blindly graded work samples, structured interviews, and diversity awareness training.
Due to the sensitive nature of what Spreedly does - handling payment data - finalist candidates must complete a successful background and reference check.
At this time Spreedly is unable to provide sponsorship for employment, and we are not set up to support remote employees who reside in California or New York. In order to be considered for employment, applicants must be currently legally authorized to work in the job location country and not require future sponsorship in order to continue working in that country.
We appreciate your interest in our company. Because of the high volume of resume flow, we may only respond to those candidates that we think will be a potential fit.