Hummingbird is a remote-first, fully distributed team united by the shared mission of helping fight financial crime. Since our launch in 2017, we’ve helped major financial institutions and tech-savvy trailblazers alike (e.g. Stripe, Affirm, Evolve Bank etc.) orchestrate their compliance programs through our thoughtfully designed, intuitive SaaS product. We believe finding and stopping financial crime is a problem rooted in code, language and design, so we built the product that the heroes doing this work deserve.
We are customer-obsessed, and we love building and shipping great products. We set a high bar, challenge our assumptions, seek diverse opinions, and support each other to do our best work.
We do our best to write inclusive, descriptive and accurate job descriptions, but we’re not always perfect. If you’re interested in the role, we’d love to hear from you even if you don’t feel like you meet everything we’re looking for. We’re always iterating and improving, and it’s possible that your experience is even more impactful than we could have imagined.
About the role
At Hummingbird, we want to build better software to fight financial crime. Our engineering team is responsible for making that a reality. They dive deep into the problems that make financial crime fighting so difficult and design flexible, scalable solutions that empower our customers to catch the bad guys. Our product sits at the intersection of financial technology, data science, security, policy, law enforcement, and design. As employees at a small startup, software engineers at Hummingbird have the opportunity to wear many hats and learn and grow across a multitude of dimensions.
The Trust team owns the platform that everything else runs on. As a Senior Security Engineer on Trust, you'll be the person driving security across Hummingbird's infrastructure -- protecting a data set that includes some of the most sensitive finaical information imaginable, growing fast. The threat landscape is evolving quickly, especially AI: we're navigating security risks introduced by AI built into our product, the need to govern how our team uses AI tools internally, and increasingly sophisticated AI-powered external attacks. You'll have real ownership of this work, from hands on engineering to shaping our security posture for years to come.
What you'll do:
- Drives security engineering across Hummingbird's infrastructure. You'll help lead our security posture: managing vulnerability and dependency tooling, designing and enforcing controls, and ensuring our AWS environment — managed via Terraform — is hardened and audit-ready for the tier 1 financial institutions we serve.
- Work with a small, passionate, and experienced team: We're a small team of mostly senior engineers and we love to do great work together. We're fully remote, but we make a strong effort to prioritize, design, and code collaboratively.
- Grapple with the challenges of working in a high security, high stakes environment: We work with some of the most sensitive data you can imagine and provide a critical service to our customers. You'll help develop a threat intelligence program that monitors the external landscape and connects it to our internal risks, including incident response and disaster recovery.
- Influence the overall architecture and hosting strategy: Great ideas come from everywhere. Everyone on the team has a voice in technical discussions, and is trusted to make significant decisions.
- Have the opportunity to grow into leadership: Hummingbird is growing rapidly. As we do, there will be opportunities for engineers to take on new roles in product, technology, or people leadership positions.
About you:
- 7+ years of experience, including 3–5 years in a dedicated security engineering role (Security Engineer, AppSec Engineer, or equivalent), preferably with some startup experience.
- You love digging into complex problems and determining both the root cause and the best solution to fix.
- You're happy spelunking logs and running diagnostic tools to make sure you understand the problem.
- You sail through ambiguity and are comfortable across the infrastructure layer — Terraform and AWS are your tools, not mysteries. You can move between network security and encryption, access controls and permissions, and high-level architecture without losing the thread.
- Iteration is part of the fun. You’re not married to specific ideas or solutions.
- You want your impact to go beyond the lines of code you write.
- Safety first. You care about quality, testing, and security.
- You're actively thinking about what AI means for security — not just as a tool to work faster, but as a new threat vector that demands new defenses.
- You want to build something exceptionally valuable and have a real impact on the world. You're excited to get your hands dirty in pursuit of that goal.
- (Bonus) Experience in the financial sector, especially around compliance or fraud.
Technologies we use and teach:
- AWS, Azure, PostgreSQL, Redis
- Terraform, CircleCI, Nix, Docker
- Ruby/Rails, Python
- OpenAI
- React, JavaScript, TypeScript, GraphQL, d3
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please don't hesitate to contact us to request accommodation.
