DevSecOps Engineer

New York, NY

Coast is re-imagining the trillion-dollar U.S. B2B card payments infrastructure, with a focus on the country’s 500,000 commercial fleets, 40 million commercial vehicles, and many million commercial drivers. The incumbent technologies that cater to these customers are decades old, and drivers, fleets, and the merchants that serve them all increasingly demand modern digital experiences and affordable and transparent financial services products. Coast's mission is to deliver them at a transformational scale, and to improve working lives in one of the country’s biggest industry sectors. The company is backed by top fintech and mobility venture funds.

Coast is competing and winning with software, and we are building a world-class engineering team. This is a unique opportunity to get in on the ground level early on, contribute and learn in myriad ways, help shape foundational decisions, expand your impact as the business grows, and have fun in the process. If you’re practical and business-minded, smart and creative, and excited about the rewards and the energy of an early-stage venture-backed startup, we’d love to hear from you.

The DevSecOps Engineer will be our first explicitly security-focused hire. In this role you will be an early member of the platform engineering team, and help us mature a critical part of our organization. We value speed and flexibility, but are also aware of the importance of maintaining high standards for compliance, which we consider a key part of our ability to execute. Working directly with an enthusiastic and invested product team, you will help us stay on top of a wide array of areas, from network security and least-privilege permissions in the cloud, to rationalizing our SIEM and code scanning posture, to partner information requests and SOC2 compliance, to vendor and supply chain security. At the end of the day, we want to establish “paved paths” that allow us to minimize friction and maximize visibility and viability. The role will work closely with the Compliance team, our General Counsel, and the CTO; this role reports to the Head of Platform.

We are hiring in NYC and the tri-state area only. Our NYC office is located in the heart of Manhattan’s SoHo neighborhood, benefiting from its vibrant creative energy. The whole company is in the office on average 4 days a week.

After joining Coast, here’s how your first few months will look:

  • Week 1:
    • We use OKRs to help us focus, and Kanban to organize day-to-day work - you will start picking up small improvements off the board and contribute across our IAM, SIEM, and CICD ecosystems;
    • We treat infrastructure as code, so we expect you to get your first story merged by the end of the week after passing automated checks and peer review;
    • You will establish the cadence of 1x1s with your manager.
  • Month 1:
    • Collaborate with a product engineer to secure a new feature;
    • Update our notification system to help us identify potentially dangerous issues sooner;
    • Inform what our firewall and SIEM strategy for 2025 will look like;
    • Assist with crafting responses to a questionnaire for a new partnership;
    • Contribute to planning and retrospectives;
    • Write your first design document for a major feature.
  • Month 2:
    • All of the above, but also you will get to do your first dev talk;
    • Establish your development goals with your manager.

Responsibilities:

  • Hold a high bar for security standards and help us innovate best practices;
  • Influence design and implementation of all aspects of our product, by acting as a sounding board and SME for our product managers and engineers;
  • Work with our compliance team to ensure that we are able to successfully respond to requests from our partners and maintain our SOC2 Certification;
  • Improve scanning to ensure that risks in our codebase and cloud environment are identified, assessed, and remediated in a timely manner;
  • Organize our permissioning system to ensure that the right people have appropriate access, and unnecessary people don’t;
  • Help shape the engineering culture of the company by championing security practices;
  • Maintain comprehensive documentation of the security infrastructure, policies, and procedures;
  • Remain relentlessly pragmatic and balance the product velocity demand with the needs of a secure platform.

Requirements:

  • Have 3+ years of experience working with first-class engineering teams with a proven track record of continually improving their employer’s security posture;
  • Have experience working directly with product engineers to incrementally improve our practices;
  • Be proficient at automating tooling, whether it be using the shell or (preferably) a programming language such as Python or JavaScript;
  • Have experience with one of Terraform/CloudFormation/Pulumi/CDK since we treat our infrastructure as code;
  • Deep hands-on knowledge and experience developing in the cloud (preferably AWS), especially IAM and SIEM, but also AWS networks;
  • Be able to figure stuff out - the modern security space is deep and complex, and there are many ways of solving the same problem. You need to be able to go off on your own, research and design a solution, implement technical spikes, and then deliver it with the team;
  • Have an owner mindset and continuously look for, notice, and implement improvements to our posture, because small continuous improvements matter;
  • Keep a finger on the pulse of the industry - latest risks, trends in CICD, networking, phishing, and vendor landscape.

Compensation

Our salary ranges are based on paying competitively for our size and industry, and are one part of our total compensation package that also includes benefits, signing bonus, and equity. Pay decisions are based on a number of factors, including scope and qualifications for the role, experience level, skillset, and balancing internal equity relative to other Coast employees. We expect the majority of the candidates who are offered roles at Coast to fall healthily within the range based on these factors.

  • Salary range: $110,000 - $130,000 annually
  • Signing bonus
  • Equity grant: commensurate with level determined at the discretion of the company, with meaningful potential upside given the company’s early stage
  • Benefits overview:
    • Medical, dental and vision insurance
    • Unlimited paid time off (vacation, personal well being, paid holidays)
    • Paid parental leave
    • $400 accessories allowance (a keyboard, mouse, headphones, etc.)
    • Free lunch every Friday
    • Education stipend
    • 401K

About Coast

Coast is re-imagining the trillion-dollar U.S. B2B card payments infrastructure, with a focus on the country’s 500,000 commercial fleets, 10 million commercial vehicles, and 4 million commercial drivers.

Coast is founded and led by Daniel Simon, who previously cofounded Bread (breadpayments.com), a leading payments and credit technology firm backed by some of the world’s top VCs which was acquired for $500MM+ in 2020.

Coast has raised $165M in total funding — our recent $40M Series B equity round was led by ICONIQ Growth with participation from Thomvest and Synchrony. We're also backed by top fintech and mobility venture funds – including Accel, Insight Partners, Better Tomorrow Ventures, Avid Ventures, Bessemer Venture Partners, BoxGroup, Foundation Capital, Greycroft, Colle – and premier angel investors – including Max Levchin (Affirm), Josh Abramowitz (Bread), Jason Gardner (Marqeta), William Hockey (Plaid), Ryan Petersen (Flexport), and many others.

Check out our CEO's recent podcast interview with Primary Venture Partners and last year’s product/market deep dive on Fintech Layer Cake with Coast Founder Daniel Simon!

Coast is committed to diversity, equity, and inclusion. We are building a diverse and inclusive environment, so we encourage people of all backgrounds to apply. We’re an Equal Opportunity Employer and do not discriminate on the basis of race, color, gender, sexual orientation, gender identity or expression, age, religion, disability, national origin, protected veteran status, or any other status protected by applicable federal, state, or local law.

Tags: AWS Cloud Compliance DevSecOps FinTech Firewalls IAM JavaScript Kanban Network security OKR Python SIEM SOC 2 Strategy Terraform

Perks/benefits: Career development Equity / stock options Health care Insurance Medical leave Parental leave Salary bonus Signing bonus Startup environment Unlimited paid time off

Region: North America
Country: United States