Senior Security Engineer

About Us

Vanilla is the leading estate advisory platform that makes it easy to deliver holistic wealth planning for every client. With Vanilla, you get powerful software for client engagement, estate planning, analysis, and document creation–all supercharged with AI and 180+ years of T&E expertise. Leading advisors from firms like Vanguard, Mariner, and Hightower trust Vanilla to model 25,000+ client estates, grow revenue, and expand relationships for generations to come.

Job Summary

We’re looking for a Senior Security Engineer to help us scale and strengthen our security posture across infrastructure, product, and operations. You’ll work cross-functionally with engineering, legal, and compliance teams to ensure our systems meet the highest standards, particularly around frameworks like SOC 2. You’ll also play a hands-on role in proactively identifying vulnerabilities, improving our internal security processes, and occasionally assisting with customer-facing security conversations.

This role is ideal for someone who enjoys solving complex technical security problems, building scalable tools and processes, and collaborating across teams to drive security initiatives forward.

This role is a remote position, you must be based out of one of the following states: CA, CO, CT, DE, FL, GA, ID, IL, IN, KY, MA, MD, ME, MN, NC, NH, NJ, NY, OH, OK, PA, RI, SC, SD, TX, UT, VA, WA, and WA D.C.

Responsibilities:

• Design and enforce technical security policies, standards, and controls across infrastructure and applications

• Collaborate closely with engineering teams on:

  • Threat modeling and security assessments

  • Code reviews with a security focus

  • Vulnerability scanning, remediation, and pentesting cycles

• Build tools and processes to detect threats, automate compliance, and improve system defenses

• Support SOC 2 and other compliance efforts by working with legal, compliance, and engineering

• Provide guidance and hands-on support to the internal IT team, serving as a technical escalation point for complex issues and helping to implement secure practices across endpoint management, access controls, and internal systems

• Partner with internal teams to ensure secure design and deployment of new products and features

• Act as a security point of contact to address customer needs (e.g., answering questionnaires or describing controls)

• Contribute to incident response processes and postmortem reviews

• Stay current with industry trends, vulnerabilities, and emerging security technologies

Required Qualifications:

• 12+ years of overall experience in software engineering, infrastructure, or technical operations roles, with a strong foundation in system design and development

• 8+ years of hands-on experience in a security engineering role, focused on application, infrastructure, or cloud security in a modern tech environment (SaaS or fintech preferred)

• Deep understanding of securing Web Applications, APIs, and SaaS platforms, including authentication, access control, and data protection

• Strong familiarity with cloud security, especially in AWS, including tools like GuardDuty, WAF, IAM, and security best practices

• Proficient in Infrastructure-as-Code and modern deployment workflows (Terraform, Helm, GitOps)

• Experience with container orchestration and security (Kubernetes, EKS)

• Demonstrated experience with security assessments: threat modeling, secure code review, vulnerability detection, and remediation

• Experience working within compliance frameworks (e.g., SOC 2, ISO 27001) and collaborating with legal, compliance, and engineering teams

• Clear and effective communicator, able to explain technical security concepts to both technical and non-technical audiences

• BS in Computer Science, Security, or equivalent professional experience

• Candidates must be legally authorized to work in the United States without the need for sponsorship now or in the future. Vanilla is unable to provide visa sponsorship at this time.

Benefits:

• Flexible paid time off policy and 10 company-wide paid holidays 

• Parental leave, 4 weeks for all full-time employees and up to 12 weeks for birthing parents

• Medical, dental, and vision benefits coverage for employees and their families 

• 401K eligibility after one month of employment

• Free estate planning documents

• Budget for learning & development and home office setup 

• Paid parking or transit for hybrid and in office employees 

Vanilla Technologies Inc. (dba "Vanilla") provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Vanilla participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.