Security Engineer

About Float

Float is on a mission to simplify finance for Canadian businesses, empowering them to eliminate complexity and unlock new opportunities. Through our innovative platform, Float enables businesses to streamline spending and optimize cash flow, so they can focus on what matters most: growth. As one of Canada’s fastest growing companies and top-rated startups in 2024 and 2023, Float is customer-obsessed, passionate, and entrepreneurial, with a team that includes leaders from Uber, Shopify, Top Hat, Ritual, Ada, and more.

At Float, everyone is an owner, bringing their unique perspective to our team and product. Your voice is important, and we take having a culture based on feedback seriously. We openly share our thoughts and differing opinions so we can continue to improve. We do our best to keep our decision-making decentralized so that all team members feel ownership in our success.

Our product

Float is Canada’s first finance platform designed to empower businesses with fast, flexible, and accessible financial solutions. Our integrated suite of products—including corporate cards, bill pay, reimbursements, and financial services—rethinks how companies access capital, streamline spending, and manage growth. Backed by world-class investors like Tiger Global, Golden Ventures, and Susa Ventures, we’re disrupting the global B2B finance space—and we’re looking for bold innovators to help shape the future of business finance.

About the Security Engineer role:

In this role, you will be responsible for protecting Float’s data and platforms from cyber threats, ensuring the security and integrity of our financial services platform. You will work closely with cross-functional teams, including engineering, product management, Infrastructure and compliance, to design and implement robust security measures that align with industry best practices and regulatory requirements.

As a Security Engineer at Float, you will:

• Develop, implement, and maintain security policies, standards, and procedures to safeguard sensitive financial data.
• Conduct risk assessments and vulnerability assessments to identify security weaknesses and recommend remediation strategies.
• Collaborate with engineering teams to integrate security controls into the software development lifecycle (SDLC) and promote secure coding practices.
• Monitor security systems and incident response tools to detect and respond to potential security breaches in real-time.
• Perform regular security audits, penetration testing, and threat modeling to ensure the ongoing security posture of applications and infrastructure.
• Stay up-to-date with the latest security trends, vulnerabilities, and regulatory requirements affecting the fintech industry.
• Provide security awareness training and support to employees and stakeholders to promote a culture of security across the organization.
• Assist in the development and execution of disaster recovery and business continuity plans to mitigate risks associated with data loss.

Requirements

• Familiarity with integrating security practices into CI/CD pipelines, ideally using tools compatible with your existing setup (such as Buildkite).

• Understanding of Infrastructure as Code (IaC) security, particularly with Terraform.
• Knowledge of relevant compliance frameworks (e.g., SOC 2, ISO 27001).
• Experience with risk assessment and management in cloud environments.
• Experience with network monitoring and intrusion detection/prevention.
• Experience with vulnerability scanning tools and methods for identifying, prioritizing, and remediating vulnerabilities. (e.g. Wiz)
• Understanding of common security vulnerabilities (e.g., OWASP Top Ten) and experience in security testing techniques.Hands-on experience with Auth0 and Okta for user management, single sign-on (SSO), and multi-factor authentication (MFA).
• Familiarity with implementing and managing IAM policies, RBAC, and best practices for user lifecycle management.
• Experience with securing PostgreSQL databases (e.g., access control, encryption, auditing).
• Proficiency in Python for scripting, automation, and API integrations.
• Ability to create and maintain security automation tools and scripts.
• Strong analytical and problem-solving skills.
• Excellent communication skills for collaboration across teams.

You’ll be great in this role if:

• You’re an owner. You love a challenge, and take great satisfaction in tackling them head on. You love being a pioneer and taking on any task (big or small) and driving it through to completion. You are also comfortable making independent decisions and following your instincts to be able to move quickly.
• You’re able to explain complex problems in simple terms. As you'll be communicating your requirements to different stakeholders, your ability to present a solution in an understandable way is vital.
• You have solid technical skills. Strong skills in Security, Authentication,  Infrastructure, Cloud technologies, Development, Vulnerability Management and Threat detection and remediation. 
• You understand the business context. You'll be more effective if you understand how your role supports the business and where you can influence the vision and strategy of Float.
• You’re comfortable with a fast-paced environment. Float is a dynamic environment and things can change quickly. You should be flexible and able to adapt to changes as they occur.
• You have a strategic mindset. You act in the now but plan for the future. You see where our platform needs to go, put a plan in place and proactively drive that change.
• You can balance attention to detail and strategic thinking. While it's important to delve into the details of your data, it's equally important to keep the big picture in mind.
• You ruthlessly prioritize. You will have multiple responsibilities and projects. Being able to effectively manage your workload and meet deadlines is crucial.
• You’re eager to continue your own learning. Scrappy and voracious, you want to know the ‘why’ behind every answer. You love to have healthy debates with fellow developers and colleagues about the product.

This role won’t be a fit if:

• You’re not extremely detail oriented
• You are not open to a hybrid role
• You aren’t a self-starter and don’t like to work independently
• You’re not comfortable wearing multiple hats
• You don’t like change and adapting to new ways of doing things
• You aren’t comfortable with ambiguity
• You aren’t able to translate technical jargon into simple language
• You lack patience for iterative work
• You want detailed to-dos for your tasks and projects
• You’re not keen on learning new things
• You don’t have strong stakeholder management skills
• You don’t like regular feedback on your work

Don’t meet every single requirement? If you’re excited about this role, and you strongly align with our values but your past experience doesn’t align perfectly, we encourage you to apply anyway. You may be the right candidate for this, or other future positions.

Benefits

...and Perks of working at Float:

• Competitive compensation & total rewards
• Flexible work hours and time off‍ when you need to recharge
• Small team = lots of autonomy to make an impact
• Opportunity to work with and learn from a world-class team
• A personal Float card with a quarterly stipend to spend on what matters most to you
• A dog-friendly office

• Being able to say you empowered Canadian businesses, the heartbeat of our economy, to thrive and grow