[Remote] Principal Information Security Engineer
Note: The job is a remote job and is open to candidates in USA.

SentiLink provides innovative identity and risk solutions, empowering institutions and individuals to transact with confidence. The Principal Information Security Engineer will lead and elevate security across SentiLink’s infrastructure, applications, and internal systems, focusing on building scalable security foundations while enabling the business to move quickly and safely.

Responsibilities
- Design and build internal security tooling from scratch, including agent-based security tooling, code analysis tooling, dynamic scanning, and security assessment tools
- Identify vulnerabilities across SentiLink's AWS-based stack, including application code, cloud service configurations, and integrations between the two
- Develop AI-assisted and agent-based tooling to scale offensive security testing beyond what a small team can do manually
- Build and maintain security automation that improves detection, response, and remediation across the organization
- Conduct hands-on penetration testing and vulnerability research against SentiLink's infrastructure and applications
- Partner with engineering teams to remediate findings and embed security into the development process without slowing them down
- Participate in the security on-call rotation, including incident response and regular response testing
- Contribute to threat modeling and security design reviews for new systems, with a focus on cloud integrations and identity flows
- Stay current on offensive security techniques, AI-assisted security tooling, and emerging attack patterns relevant to fintech and identity verification

Skills
- 8+ years of experience in security engineering, software engineering with a security focus, or closely related roles
- Proficient in at least one systems language (Go, Rust, C++) and at least one higher-level language (Python, TypeScript)
- Proven ability to design and ship production software end-to-end
- Deep AWS infrastructure expertise, including IAM, EKS, RDS, networking, and managed services
- Demonstrated ability to identify security misconfigurations and vulnerabilities across cloud architectures, application code, and the integrations between them
- Experience conducting or building tooling for penetration testing, vulnerability assessment, or red team activities
- Track record of building security automation and tooling from scratch
- Comfortable operating independently on ambiguous problems without heavy process or oversight
- Strong communication skills and the ability to partner with engineers who are not security specialists
- Experience building or deploying LLM-based agents or AI-assisted security tooling
- Prior experience at a security product company (Wiz, Snyk, Datadog, etc.) or other security-forward engineering org
- Prior fintech, identity, or fraud detection experience
- Industry certifications (OSCP, OSCE, GPEN, GXPN)
- Experience with detection engineering or SIEM platforms
- Published security research, CVEs, or open source security tooling contributions
- Experience supporting compliance frameworks (FedRAMP, SOC 2, PCI DSS) without it being their primary focus

Benefits
- Equity
- Benefits
- Employer paid group health insurance for you and your dependents
- 401(k) plan with employer match (or equivalent for non US-based roles)
- Flexible paid time off
- Regular company-wide in-person events
- Home office stipend, and more!

Company Overview
SentiLink is an identity verification technology company that helps in detecting and blocking synthetic identities. It was founded in 2017, and is headquartered in San Francisco, California, USA, with a workforce of 51-200 employees. Its website is https://www.sentilink.com.

Company H1B Sponsorship
SentiLink has a track record of offering H1B sponsorships, with 2 in 2026, 7 in 2025, 4 in 2024, 6 in 2023, 4 in 2022, 2 in 2021. Please note that this does not guarantee sponsorship for this specific role.