Principal Information Security Engineer

SentiLink provides innovative identity and risk solutions, empowering institutions and individuals to transaction with confidence. We’re building the future of identity verification in the United States replacing a clunky, ineffective, and expensive status quo with solutions that are 10x faster, smarter, and more accurate. We’ve seen tremendous traction and are growing extremely quickly. Our real-time APIs have helped verify hundreds of millions of identities, starting with financial services and rapidly expanding into new markets. SentiLink is backed by world-class investors including Craft Ventures, Andreessen Horowitz, NYCA, and Max Levchin. We’ve earned recognition from TechCrunch, CNBC, Bloomberg, Forbes, Business Insider, PYMNTS, American Banker, LendIt, and have been named to the Forbes Fintech 50. We have also been named a 2026 FICO Industry Vanguard Decision Award Winner. Last but not least, we’ve even made history - we were the first company to go live with the eCBSV and testified before the United States House of Representatives on the future of identity. SentiLink supports a variety of ways to work, ranging from fully remote to in-office. We operate as a digital-first company with strong collaboration across the U.S. and India. We maintain physical offices in Austin, San Francisco, New York City, Seattle, Los Angeles, and Chicago in the U.S., and in Gurugram (Delhi) and Bengaluru in India. If you’re located near one of these offices, we would love for you to spend time in the office regularly. Some roles are hybrid or in-office by design. For example, our engineering team in India works primarily from our Gurugram office. Role: We’re looking for a Principal Information Security Engineer to lead and elevate security across SentiLink’s infrastructure, applications, and internal systems. This is a highly technical, hands-on role focused on building scalable security foundations while enabling the business to move quickly and safely. You will partner closely with Engineering, Infrastructure, Product, Legal, and Compliance teams to design secure systems, improve detection and response capabilities, strengthen cloud security posture, and reduce organizational risk. You’ll help shape long-term security strategy while remaining deeply involved in technical implementation and operational execution. This role is best suited for someone who combines strong technical depth with practical judgment and thrives in fast-moving, high-ownership environments. Responsibilities: Design and build internal security tooling from scratch, including agent-based security tooling, code analysis tooling, dynamic scanning, and security assessment tools Identify vulnerabilities across SentiLink's AWS-based stack, including application code, cloud service configurations, and integrations between the two Develop AI-assisted and agent-based tooling to scale offensive security testing beyond what a small team can do manually Build and maintain security automation that improves detection, response, and remediation across the organization Conduct hands-on penetration testing and vulnerability research against SentiLink's infrastructure and applications Partner with engineering teams to remediate findings and embed security into the development process without slowing them down Participate in the security on-call rotation, including incident response and regular response testing Contribute to threat modeling and security design reviews for new systems, with a focus on cloud integrations and identity flows Stay current on offensive security techniques, AI-assisted security tooling, and emerging attack patterns relevant to fintech and identity verification Requirements: 8+ years of experience in security engineering, software engineering with a security focus, or closely related roles Proficient in at least one systems language (Go, Rust, C++) and at least one higher-level language (Python, TypeScript) Proven ability to design and ship production software end-to-end Deep AWS infrastructure expertise, including IAM, EKS, RDS, networking, and managed services Demonstrated ability to identify security misconfigurations and vulnerabilities across cloud architectures, application code, and the integrations between them Experience conducting or building tooling for penetration testing, vulnerability assessment, or red team activities Track record of building security automation and tooling from scratch Comfortable operating independently on ambiguous problems without heavy process or oversight Strong communication skills and the ability to partner with engineers who are not security specialists Nice to have: Experience building or deploying LLM-based agents or AI-assisted security tooling Prior experience at a security product company (Wiz, Snyk, Datadog, etc.) or other security-forward engineering org Prior fintech, identity, or fraud detection experience Industry certifications (OSCP, OSCE, GPEN, GXPN) Experience with detection engineering or SIEM platforms Published security research, CVEs, or open source security tooling contributions Experience supporting compliance frameworks (FedRAMP, SOC 2, PCI DSS) without it being their primary focus Compensation: $220k-280k/year + equity + benefits Perks: Employer paid group health insurance for you and your dependents 401(k) plan with employer match (or equivalent for non US-based roles) Flexible paid time off Regular company-wide in-person events Home office stipend, and more! Corporate Values: Follow Through Deep Understanding Whatever It Takes Do Something Smart Apply To This Job