Information Security Engineer

Hi, We’re AffiniPay! 

AffiniPay is a leading fintech company, based out of Austin, Texas. As the market leader in professional services payments and practice management software, AffiniPay’s tech products serve legal, accounting, architectural, engineering and construction firms. AffiniPay has been recognized as one of Inc. 5000’s fastest growing companies in the U.S. for 13 years in a row, and as a result, our teams continue to grow as well! 

The Security Engineer will focus on ensuring the security and integrity of AffiniPay's systems by working closely with IT Operations, Sales, and Privacy teams. This role will be responsible for improving security operations within AWS environments, providing technical leadership in incident response, data protection, and security best practices. The SE will also assist with product security initiatives, providing thought leadership for continuous improvement and supporting data privacy initiatives, such as DLP, data mapping, and classification. This role will require experience in incident, problem, and change management, and will work closely with other engineering teams to ensure seamless security integration across systems.

What You'll Do

• AWS Security Operations
  • Manage and maintain security across AffiniPay's AWS infrastructure, focusing on identifying vulnerabilities, reviewing security findings, and recommending areas of improvement to protect sensitive data and maintain compliance.
• Technical Leadership & Mentorship
  • Provide technical guidance and mentorship to the team of Information Security practitioners, offering strategic insight on operational security, cloud security, and application security. Lead efforts to mature the security posture across systems.
• Collaboration & Product Security
  • Work with IT Operations and Sales teams to support product security questions, provide security guidance for customer engagements, and ensure product innovations meet strict security standards.
• Data Privacy & Protection
  • Collaborate with the Privacy Operations team to assist with data mapping, data loss prevention (DLP), data scanning, and data classification efforts. Support ongoing initiatives to ensure the security and privacy of sensitive data and compliance with privacy regulations.
• Incident Response & Forensics
  • Lead incident response activities, including investigation, forensic analysis, and remediation of security incidents. Ensure that the incident response process aligns with best practices and business objectives.
• Process Improvement & Service Maturation
  • Evaluate technical solutions to business challenges, provide thought leadership to drive continuous improvements, and establish comprehensive system documentation. Support project management through status reporting and change management processes, representing changes via the Change Advisory Board (CAB).
• Secure Development Lifecycle Integration
  • Collaborate with Dev teams during the architecture and design phases to embed secure coding practices. Perform threat modeling, secure code reviews, and guide remediating vulnerabilities uncovered by tools like Snyk, GitHub secret scanning, and ASV scans. Collaborate with the Security-focused Quality Engineer to define and validate application-layer security controls. Provide input into secure test planning, support test case prioritization based on compliance obligations (PCI, SOC 2, HIPAA), and ensure that identified vulnerabilities are remediated, tested, and closed out in accordance with business risk tolerances.
• Security Tooling and Automation
  • Maintain and tune security tooling (e.g., Snyk, CrowdStrike, AWS Security Hub/GuardDuty). Integrate findings into Jira for tracking and support prioritization workflows with Engineering.
• Policy, Governance, and Risk Management
  • Collaborate with the Compliance team to define security policies, participate in control reviews for audits (SOC 2, PCI), and contribute to the organization’s risk register by identifying, escalating, and mitigating technical security risks.
• M&A and New Product Integration
  • Participate in due diligence and onboarding efforts for M&A targets and new product initiatives. Guide risk posture, data handling, and architectural security design.

About You

• 5-7 years of experience in security engineering or related roles, with a focus on cloud security, incident response, and data protection.
• Hands-on experience with AWS security, including vulnerability management, security operations, and cloud security best practices.
• Experience leading technical teams, guiding efforts across Incident, Problem, and Change Management frameworks.
• Strong experience in incident response and forensics, with proven skills in managing security breaches and mitigating risks.
• Certifications such as CISSP, CISM, CISA, CCSP, GSEC, or CEH are preferred.

Preferred Skills & Competencies

• Cloud Security Expertise
  • Deep understanding of AWS cloud infrastructure, with the ability to secure cloud assets, monitor systems, and remediate vulnerabilities efficiently
• Secure SDLC & CI/CD Experience
  • Proven experience integrating security into modern DevOps and CI/CD pipelines (e.g., GitHub Actions, Jenkins, CircleCI)
  • Familiarity with security tools like Snyk, GitHub Advanced Security, Trivy, or SonarQube, with the ability to triage, prioritize, and remediate code vulnerabilities across multiple languages
  • Ability to define security gates, write custom rules or policies, and collaborate with Engineering to enforce pipeline controls without disrupting velocity
  • Experience generating and maintaining SBOMs and ensuring OSS components are tracked for licensing and vulnerability exposure
• Infrastructure Security & Cloud Engineering Integration
  • Deep familiarity with securing AWS environments, especially around IAM, networking, and monitoring (CloudTrail, GuardDuty, Security Hub)
  • Ability to review Terraform/IaC templates, evaluate for security misconfigurations, and influence DevOps to integrate least privilege and audit-friendly configurations
  • Understanding of AWS Key Management Service (KMS), encryption at rest and in transit, and service hardening best practices
• Communication
  • Ability to communicate complex security issues effectively to technical and non-technical stakeholders, including Sales, Privacy, and IT Operations teams
  • Must have strong skills in translating security risks into business language
• Cross-Functional Engineering Enablement
  • Comfortable acting as a bridge between InfoSec, Dev, DevOps, and Product teams, translating risk and compliance requirements into engineering solutions
  • Experience contributing to or leading threat modeling exercises, working upstream with architecture and design teams
• Mentorship & Leadership
  • Strong ability to mentor junior engineers, providing guidance on technical security issues, best practices, and strategic initiatives
• Data Protection & Privacy
  • Experience supporting data privacy initiatives, including DLP, data classification, and compliance efforts related to SOC 2, PCI DSS, and HIPAA

Key Outcomes for Success

• Enhanced AWS Security Posture
  • Improve security monitoring, vulnerability detection, and remediation within AWS, ensuring the environment is hardened against threats and aligned with compliance requirements
• Secure CI/CD Pipelines
  • Establish and monitor security controls in CI/CD workflows, including vulnerability gating, secrets scanning, and pipeline hardening for all core services and brands
• Infrastructure Security Maturity
  • Drive adoption of AWS Security Hub, IAM least privilege, and remediations identified in platform-level security scans (e.g., header injection, TLS cipher updates)
• Code Risk Reduction
  • Lead Snyk-based remediation efforts, ensuring 95%+ resolution of critical vulnerabilities within SLA and proactive communication with Engineering stakeholders
• Incident Response Leadership
  • Lead and enhance AffiniPay's incident response efforts, ensuring timely and effective responses to security events while minimizing disruption to business operations
• Data Privacy Alignment
  • Collaborate with Privacy Operations to ensure that data mapping, DLP, and data classification initiatives are successful in safeguarding sensitive information and meeting compliance requirements
• Cross-Functional Security Guidance
  • Provide critical security expertise to Sales, IT Ops, and other teams, ensuring that AffiniPay's products and services meet the highest security standards and are prepared for market challenges.

Our Story

Founded in 2005, AffiniPay’s mission is to build technology products that helps professionals focus on the work they love. As the leader in the professional payments industry, AffiniPay’s products serve legal, accounting, architectural, engineering and construction firms. Our portfolio of software solutions include MyCase (Legal Practice Management Software), CASEpeer (Practice Management for Personal Injury Firms), and Docketwise (Immigration & Case Management Software). Our portfolio of payment solutions include LawPay (Legal), AffiniPay for Associations (Associations), CPACharge (Accounting Professionals), and ClientPay (Architect, Engineer, and Construction). AffiniPay’s products serve over one hundred thousand users, and we are noted as one of the fastest growing tech companies in Austin, Texas. We are constantly looking for talent to join our team to continue playing a key part in unlocking our potential. 

Diversity, Equity & Inclusion at AffiniPay

At AffiniPay, we recognize that innovation occurs with a strong team of people who are diverse in background, personality, talent and ideas. Experience comes in many forms and ensuring a diverse and inclusive workplace where we continue to learn from each other is an integral part of our culture. We are committed to creating a welcoming and transparent environment for all that embraces those differences through education, equal access to opportunities and information, inclusionary programs, and community outreach. 

Benefits that Benefit You! 

As a people first culture, we believe it is important that our teammates are happy, healthy, and productive.  In order to best support that, AffiniPay provides award-winning benefits that can make a difference in your life - right now and for the future.

• All employees receive fully covered medical, dental and vision coverage - Choose from our 2 available health plans based on what fits you and/or your family!
• Have some fur babies? - We offer them insurance too!
• RELAX and enjoy your time away with our flexible paid time off policy! 
• We will help you plan for your future - 401K, or RRSP if in Canada, with a company match
• Competitive compensation packages that include mid-year and end-of-year bonuses and equity options for all full-time employees
• Health Wellness Program that includes nutrition consultations, mental health apps, and access to discounted memberships
• Have plans to grow your family? - Parental resources, including 16 weeks of paid time off for primary caregivers
• Professional development opportunities including mentorships, leadership programs and our AffiniPayU courses
• We believe it is important to give back with our Matching Gift Program and organized activities focused on donations, volunteerism and supporting the local communities throughout the country
• D&I initiatives provide educational opportunities regarding multicultural issues, tolerance, and celebrating diversity among our entire staff
• An incredible, in-office experience at our headquarters in Austin and San Diego including free lunch delivery, a fully stocked kitchen, and some “sweet” surprises for those afternoon pick-me-ups

Security Advisory

Our hiring teams at AffiniPay are dedicated to recruiting top talent that share our passion for serving the professional services industry through innovative financial technology.  As such, our Talent Acquisition Team only follows legitimate hiring practices.  We will always communicate with our candidates using emails with the AffiniPay domain and will never ask for sensitive/personal data during the application process.  All interviews take place over phone call, Zoom/Google Meet or in person.  All offers are communicated verbally by our Talent Acquisition Specialists with a written offer letter as a follow up.