Principal Cybersecurity Engineer

Array is a financial innovation platform that helps digital brands, financial institutions, and fintechs get compelling consumer products to market faster. We deliver a suite of credit and identity monitoring tools, privacy protection, and a financial ads marketplace via embeddable widgets or a clean, modern API.  Our private label offerings help drive revenue and increase engagement for our customers while empowering millions of consumers to achieve their financial goals.

As a remote-first company, we’re focused on providing opportunities for high performing individuals to have deep impact in the fast growing fintech space. A clear mission, a commitment to continuous improvement and a willingness to experiment empower us individually and together deliver the best products for our clients and users.

The Principal Cybersecurity Engineer will be responsible for proactively defending Array’s systems, networks, and APIs from malicious cyberattacks while shaping the organization's overall security strategy. Reporting to the VP,Information Security, you will leverage your expertise to protect and harden Array’s production environment, ensure compliance with industry standards, and lead incident response efforts.

All engineering roles at Array are subject to on-call rotations after a ramp/training period. This position is open to contract or full-time employment.

You Have:

• A degree in Computer Science, Computer Engineering, IT, Systems Engineering, or a related field.
• Minimum 8  years of combined experience in Cyber Security and Software Development
• Programming skills in one or more languages (Go, Python, or JS). 
• Experience with security testing tools and techniques (e.g., Burp Suite,SonarCloud). 
• Familiarity with security frameworks and standards (e.g., OWASP, NIST, PCI). 
• Experience with secure software development practices (e.g., DevSecOps). 
• Ability to champion and maintain a secure software development program.  
• Ability to mentor, peer review, and assess code with a “security first” lens
• Experience in securing micro service based architectures and delivery solutions.
• Expertise in securing cloud based architectures including GCP, AWS, and Azure as well as traditional infrastructure 
• Strong awareness of cybersecurity trends, hacking/exploitation techniques, and the latest defensive measures.
• Interest in securing cloud environments from cyber exploitation.
• Exceptional attention to detail with an analytical mind and outstanding problem-solving skills.
• A belief that AI is reshaping work, you instinctively use it to accelerate everything you do.

You Will:

• Participate in the design, development, and testing of secure software and architecture
• Lead incident response and remediation efforts for system and network security events.
• Plan, prioritize, implement, manage, monitor, and upgrade security measures to protect Array’s data, systems, and networks.
• Analyze security event logs, application and network data, and correlation rules while developing analytics to enhance Array's security posture.
• Conduct code reviews and mentor to identify and address security vulnerabilities. 
• Identify emerging information security threats and implement proactive defense measures.
• Evaluate architectural changes for security implications, recommend enhancements, and contribute expertise during architecture reviews to harden Array’s evolving platform.
• Develop and maintain information security activity monitoring reports.
• Produce assessments and communicate findings and recommendations to relevant teams across the organization.
• Maintain a habit of using AI tools to think, build, and ship faster—it’s your default, not an afterthought.

Nice to Haves:

• Familiarity with security measures across multi-vendor platforms.
• Experience with ethical hacking and penetration testing.
• Reverse engineering expertise.
• Industry-recognized certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH), or Certified Information Systems Security Professional (CISSP).
• Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler, (GCIH), Certified Information Systems Security Professional (CISSP).

Pay transparency: $220,000 + for base salary, depending on experience.

Expected interview process: Recruiter Conversation - Hiring Manager Interview - Loop round: VP of Infrastructure and Infosec, Principal Software Engineer

Array Offers All Full Time Employees the following Benefits and Perks: 

• Full medical, dental, and vision, premiums covered at 100% for full-time employees and 70% for dependents
• Unlimited PTO and sick leave + 14 company holidays to encourage a healthy work-life blend
• 100% 401k match up to 4% with immediate vesting 
• Generous and competitive parental leave for all parents
• $1,000 desk setup subsidy to set-up your unique remote office 
• $100/month to subsidize wifi/cell phone expenses
• Summer Fridays (half-day Fridays) typically from late May to the end of August
• AnniversArray Kits for work anniversaries

Not sure if you meet the Qualifications? We know that folks tend to only apply if they check every box. If you think you have the appropriate qualifications, but don’t meet every single one, we encourage you to still apply. We’d love to hear from you.

One of our core values at Array is to care and support one another, and that’s why we strive to create an environment where everyone feels empowered to bring their best selves to work. Diversity, equity, and inclusion foster collaboration, comfort, and confidence.  We’re at our collective best when we each feel our best.

We are proud to be an equal opportunity workplace; we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.