Senior Security Engineer

Who You Are:

You are a Senior Security Engineer with a strong focus on application security and a deep understanding of securing CI/CD pipelines. You are experienced in collaborating with development and DevOps teams to integrate security throughout the software delivery lifecycle. You have a proactive mindset, strong technical skills, and a commitment to staying ahead of emerging threats and vulnerabilities. Your attention to detail and ability to automate security processes make you a key partner in ensuring secure software delivery.

Does this sound like you? If so, keep reading and apply today!

• Design and implement security controls and tools within CI/CD pipelines to protect against threats and vulnerabilities.
• Conduct security assessments, code reviews, and penetration testing on applications and infrastructure deployed through CI/CD workflows.
• Integrate security tools (e.g., SAST, DAST, dependency scanning) into CI/CD systems such as Jenkins, GitLab CI/CD, GitHub Actions, or CircleCI.
• Collaborate with DevOps teams to automate security checks and ensure secure configuration of build and deployment environments.
• Monitor and respond to security incidents related to CI/CD processes, including artifact integrity and pipeline tampering.
• Develop and maintain documentation for secure CI/CD practices, policies, and procedures.
• Stay up-to-date with emerging threats, vulnerabilities, and security technologies relevant to CI/CD and cloud-native environments.
• Educate and train development teams on secure coding practices and CI/CD security principles.
• Ensure compliance with regulatory standards (e.g., SOC 2, ISO27001) in the software delivery lifecycle.

• 3+ years of experience in security engineering, DevSecOps, or a related role.
• Hands-on experience securing CI/CD pipelines using tools like Jenkins, GitLab CI/CD, GitHub Actions, or similar platforms.
• Proficiency with security tools such as Sonarcloud Github Security
• Strong understanding of software development lifecycle (SDLC) and DevOps practices.
• Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes) and their security implications.
• Knowledge of cloud platforms (e.g., AWS) and their security configurations.
• Experience with scripting languages (e.g., Python, Bash) for automation and tool integration.
• Excellent problem-solving skills and attention to detail.

• Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.
• Familiarity with secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager).
• Understanding of zero-trust security models and their application in CI/CD.
• Strong communication skills to collaborate across technical and non-technical teams.
• Ability to prioritize and manage multiple tasks in a fast-paced environment.
• Proactive mindset with a focus on identifying and mitigating risks early in the development process.

• We are attacking a trillion-dollar market with gross inefficiencies and seeking to transform the way an entire industry operates 
• You will have an impact on the design, architecture and implementation of markets that are often called the engine of US economy
• We value drive for excellence, independent thinking, teamwork and curiosity
• You will work with both government backed and industry leading companies to create a digital pipeline that facilitates real time trading of loans
• We have an experienced leadership team that previously built large and impactful platforms 
• Outstanding opportunity for professional growth and upward mobility 
• Direct engagement with the decision makers and senior business leaders 
• Competitive salaries
• 100% paid medical/vision/dental/disability/life insurance 
• Unlimited PTO
• Hybrid environment; 3x weekly in an innovation hub in San Francisco or Dallas

Let's get to know each other.

Polly has pioneered the next generation of mortgage capital markets technology with its cutting-edge, data-driven platform. Its enterprise-grade solutions, including the industry's only cloud-native, commercially scalable product, pricing, and eligibility (PPE) engine and first-of-its-kind Polly/™ AI platform, empower the nation's top banks, credit unions, and mortgage lenders to increase profitability, automate workflows, and revolutionize the loan officer and broker experiences. As a mortgage technology trailblazer, Polly is committed to driving meaningful value and ROI through best-in-class innovation that enables unlimited configurability, flexibility, granularity, and scalability. Polly was founded by a seasoned team of mortgage capital markets and technology experts and is headquartered in San Francisco, California. Recognized as a pioneer in mortgage capital markets, as well as in culture and career development, Polly was named to Forbes' America's Best Startup Employers in 2025. This evaluation was based on three key criteria: Employer Reputation, Employee Satisfaction, and Company Growth.

To learn more, follow Polly on LinkedIn or visit www.polly.io. Polly is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, age, color, national origin, religion, sex, gender identity, sexual orientation, marital status, pregnancy status, disability status, veteran status, or any other legally protected status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Beware of recruitment scams impersonating the Polly brand or our employees. Our team communicates only through official Polly channels, and we will never ask for sensitive information over text or conduct text-only interviews. If you are ever suspicious or in doubt, reach out to us directly at peopleteam@polly.io. We care deeply about this network and your experience.