Cardless

Product Security Lead

Cardless$190K — $260K *
San Francisco, CA 94112In-Person
Finance & Insurance
Less than 5 years of experience
Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • Strong programming skills in Java, Python, or a comparable language.
  • Experience designing or operating secure platforms/B2B APIs at scale, especially in multi-tenant environments.
  • Background in anti-ATO, anti-fraud, or authentication systems at scale.
  • Working knowledge of AWS including IAM and KMS configurations.
  • Familiarity with modern AI tools to enhance security processes.
  • Excellent written communication skills for documentation and external correspondence.
  • Ability to manage security functions in-house while coordinating with external partners.

Responsibilities

  • Own the security model for partner-facing APIs including authentication and audit logging.
  • Drive a coherent authentication strategy across various services.
  • Build telemetry and behavioral signals for fraud and risk management.
  • Collaborate with Engineering on architecture reviews and threat models.
  • Manage secure software development lifecycle (SDLC) including security tooling.
  • Work with infrastructure teams to enhance security across the technology stack.
  • Lead incident response processes for security events and coordinate vulnerability remediation.

Benefits

  • Meaningful start-up equity.
  • 100% coverage for health, vision, and dental.
  • 75% coverage for health, vision, and dental for dependents.
  • Catered lunches and dinners provided.
  • $250 monthly commuter benefit.
  • Parental leave policy.
  • Team building events organized.
  • Flexible PTO with a minimum of 15 days off per year.
  • 401(k) retirement plan available.
  • Relocation assistance offered.
Full Job Description
We9re hiring a Product Security Lead to drive how we build security into the platform. The work spans authentication, authorization, anti-abuse controls, in-product fraud primitives, and the secure-by-design practices that come with running credit infrastructure for partners of this caliber. The role is hands-on and deeply cross-functional, working with Engineering, Risk, Compliance, Legal, and Data. You9ll report to the Head of Engineering.

Responsibilities
  • Own the security model for our partner-facing APIs: authentication, authorization, tenant isolation, abuse prevention, signing, and audit logging.
  • Drive a coherent auth strategy across services and surfaces, including step-up auth for sensitive actions and a strong-auth roadmap (passkeys and beyond).
  • Build the device telemetry, behavioral signals, and velocity primitives that fraud and risk functions depend on.
  • Be the secure-by-design partner with Engineering - sit in on architecture reviews before features ship, write the threat models, own the tradeoffs.
  • Own secure SDLC: SAST/DAST, dependency scanning, secret detection, and the security tooling engineers interact with daily.
  • Coordinate with our infrastructure team to improve our security posture across the stack: from infrastructure, to supply chain, to first-party applications, to third-party dependencies and SaaS platforms.
  • Be the technical authority on sensitive payment data. Keep the footprint small and well-defined as the platform grows.
  • Lead incident response on security events (containment, forensics, comms, blameless postmortems) and drive vulnerability remediation across services.
  • Own the relationship with our external security architecture partner: set priorities, scope engagements, integrate findings into our roadmap.
  • Serve as the technical counterpart to ensure compliance, translating SOC 2, PCI DSS, and other security frameworks into scalable engineering solutions and ensuring in-product controls are effective in practice - not just on paper.
What we look for
  • Strong programming skills in Java, Python, or a comparable language - you write production code.
  • Experience designing or operating secure platform / B2B APIs at scale, especially in multi-tenant environments.
  • Background in anti-ATO, anti-fraud, or authentication systems at scale (consumer fintech, marketplace, or large consumer platform).
  • Working knowledge of AWS: IAM, KMS, networking, service-to-service auth.
  • Comfort with modern AI tooling (Claude, Copilot, and similar) as a daily force multiplier across code review, threat modeling, detection engineering, and security tooling.
  • Excellent written communication. You9ll write threat models, postmortems, and partner-facing security responses.
  • Comfortable owning the security function in-house while leveraging external specialists as a force multiplier.
Nice to have
  • Fintech, payments, or other regulated environment experience.
  • Threat modeling methodology background (STRIDE, attack trees, or your own).
  • Experience working alongside or building for a risk / fraud operations team.
  • Experience operating a bug bounty or vulnerability disclosure program.
Why Cardless

You9ll lead product security for a platform that powers some of the most recognizable card programs in the world. The work moves real dollars and real trust from the moment you ship. You9ll have a real seat in every major architecture conversation, executive visibility, and an external security architecture partner you can lean on.

Benefits
  • Meaningful start-up equity
  • 100% health, vision & dental primary coverage
  • + 75% health, vision & dental dependent coverage
  • Catered lunches and dinners
  • $250/month commuter benefit
  • Parental leave
  • Team building events
  • Flexible PTO with a minimum of 15 days off per year
  • 401(k) plan
  • 69b Relocation assistance


Compensation

This role has an annual starting salary range of $190,000-$260,000 + equity + benefits (see above). Actual compensation is influenced by a wide array of factors including but not limited to skills, experience, and specific work location.

Location

San Francisco, CA - our office is in the Jackson Square district. This role is 5 days a week in office.

About Cardless

Cardless is a financial technology company that offers a mobile payment platform for merchants. The company was founded in 2014 by Michael Spelfogel and Jonno Rodd. Cardless has offices in San Francisco, California and Sydney, Australia. The company's mission is to make payments faster, easier, and more secure for everyone.
Learn more about Cardless
Size
50 employees
Industry
Finance & Insurance
Net Income
-$500,000
Founded
2014
5 Year Trend
+250%
Revenue
$1 million
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at Cardless

More Finance & Insurance Jobs

Find similar Product Security Lead jobs:

NationwideSan Francisco, CA