Company Description

Are you ready to trade your job for a journey? Become a FlyMate!

Passion, excitement & global collaboration are all core to what it means to be a FlyMate. At Flywire, we’re on a mission to deliver the world’s most important and complex payments. We use our Flywire Advantage - the combination of our next-gen payments platform, proprietary payment network and vertical specific software, to help our clients get paid, and help their customers pay with ease - no matter where they are in the world.

What more do we need to truly be unstoppable? Perhaps, that is you!

Who we are:

Flywire is a global payments enablement and software company, founded more than a decade ago to solve high-stakes, high-value payments in higher education. We’ve since scaled into new regions and industry verticals and expanded our product offerings to deliver meaningful value to our clients around the world.

Today we support more than 5,100 clients across the global education, healthcare, travel & B2B industries, with diverse payment methods across 240 countries & territories and more than 140 currencies.

With over 1,200 global FlyMates, representing more than 40 nationalities, and in 12 offices world-wide, we’re looking for FlyMates to join the next stage of our journey as we continue to grow.

Job Description

The Opportunity:

As the Director of Security Risk Engineering, you will serve as a key senior leader working in direct partnership with the CISO to drive, shape, and mature Flywire’s global enterprise security infrastructure and systems. In this role, you will bridge the gap between high-level security strategy and tactical engineering execution across six core domains: Application Security, AI Security, Cloud Security, Corporate Security, Security Operations (SecOps), and Red Teaming (Penetration Testing).

In partnership with the internal stakeholder organizations, you will lead the organizational shift from technical recovery to global enterprise operational resilience, managing a highly impactful program that safeguards our global payment rails while fostering a culture of collaboration, innovation, and continuous improvement. A solid working knowledge of all aspects of cloud-native infrastructure, software applications, AI/LLM model development, governance & validation, and automated risk mitigation is required.

Responsibilities:

• Strategic Domain Leadership: Define, implement, and monitor a comprehensive security engineering strategy across Application Security, AI Security, Cloud Security, Corporate Security, Security Operations (SecOps/Incident Detection & Response), and Red Teaming (Penetration Testing), aligning initiatives with global business objectives and emerging financial threats.
• Team Management & Mentorship: Support the CISO to lead and manage the global security engineering organization, including hiring, training, mentoring, performance management, and budget oversight.
• Secure Architecture & Governance: Oversee the design and continuous improvement of secure architecture for systems, cloud infrastructure, networks, and applications, ensuring strict alignment with security best practices.
• Global Cross-Functional Collaboration: Partner with Business, Development, DevOps, Product, Program, Risk/Compliance, and IT leaders to seamlessly integrate security controls into all phases of the engineering and CI/CD lifecycle. Engage actively with external stakeholders, auditors and global regulators on related fronts.
• Advanced Cyber Risk Efficacy: Leverage AI and automated tooling to develop proactive measures, threat intelligence capabilities, and scalable defenses against vulnerabilities across all engineering domains.
• Adversarial / Penetration Testing: Personally adopt an attacker’s mindset to identify complex attack chains, logic flaws, and zero-day vulnerabilities within financial platforms and product architectures.
• Incident Response & Operational Resilience: Direct and coordinate responses to critical enterprise security incidents, managing containment, forensic investigation, and rapid remediation efforts alongside SecOps.
• Regulatory Compliance Frameworks: Maintain an information security framework that ensures continuous readiness for strict industry audits and regulatory compliance requirements globally (e.g., NIST CSF 2.0, ISO 27001, PCI-DSS 4.0, DORA).
• Executive & Stakeholder Reporting: Define and maintain metrics that communicate security posture, program progress, and incident risk analysis to the CISO, senior executive leadership, and the Board.
• Innovation & Emerging Tech: Stay ahead of global fintech trends, adopting cutting-edge technologies and methodologies—specifically regarding secure AI deployment—to continuously strengthen the organization’s security posture.

Qualifications

Here’s What We’re Looking For:

• Education: Bachelor’s degree required in Computer Science, Information Security, or a related technical field. A Master’s degree is highly preferred.
• Core Experience: 12+ years of progressive experience in information security, IT risk management, or cyber defense roles. Must be an active technical practitioner with a proven track record of independently performing manual penetration testing, vulnerability exploitation, detection/response activities, and code reviews across cloud and application infrastructures, without relying solely on automated commercial tools.
• Leadership Experience: 3+ years of proven experience in senior leadership or management roles specifically within a security engineering organization, managing people, cross-functional teams and complex security programs.
• Domain Mastery: In-depth technical knowledge of security architecture, secure cloud infrastructure (e.g., AWS/Azure/GCP), application security principles, and adversarial emulation (Red Teaming).

Highly Preferred Certifications

• Core Security: CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager)
• Governance & Risk: CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or ISACA AAISM™ (Advanced in AI Security Management)
• Hands-On Offensive & AI: OffSec OSAI (Offensive Security AI Red Teamer), OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or SANS GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

Skills and Abilities

• Strategic & Tactical Balancer with a Commercial Mindset: Highly hands-on and technically skilled. Strong strategic thinker with the ability to contribute to and translate the CISO’s high-level vision into actionable plans and drive successful execution. Balances technical risk reduction with business enablement, ensuring security infrastructure serves as a competitive advantage that unblocks global revenue and enterprise-client acquisition.
• Executive Presence: Exceptional communication and stakeholder management skills, with a demonstrated ability to articulate complex security risks and technical concepts to both engineering teams and executive management/the Board.
• 2nd-Line Cyber Risk Oversight & Governance: Robust capability to operate as a strategic second-line risk leader. Proven experience defining enterprise security risk appetites, establishing governance frameworks, and executing independent control testing to validate that the first line (engineering/product teams) effectively manages cyber risk.
• Defense-in-Depth Expertise: Comprehensive understanding of modern system security design principles, intrusion prevention, API security, and automated vulnerability management.
• High-Pressure Decision Making: Demonstrated capability to prioritize tasks, maintain cross-functional transparency, and make critical risk decisions under pressure during live security incidents.
• Lateral Influencing / Influential Leadership: Ability to collaborate effectively as a trusted partner across the global organization, promoting a collaborative culture of continuous resilience and security awareness.

Additional Information

What We Offer:

• Competitive compensation
• Employee Stock Purchase Plan (ESPP)
• Competitive time off, including Digital Disconnect and FlyBetter Days to volunteer in a cause you believe in.
• Work with brilliant people globally  Learn more about their journeys by checking out #InsideFlywire on social media
• Wellbeing Programs (Mental Health, Wellness, Yoga/Pilates/HIIT Classes) with Global FlyMates
• Be a meaningful part in our success - every FlyMate makes an impact
• Great Talent & Development Programs (Managers Taking Flight – for new or aspiring managers, OneFlywire Career Mobility)

Submit today and get started!

We are excited to get to know you! Throughout our process you can expect to meet with different FlyMates including the Hiring Manager, Peers on the team, the VP of the department, and a skills assessment. Your Talent Acquisition Partner will walk you through the steps and be your “go-to” person for any questions.

The US base salary range for this full-time position is $200,000 - 210,000 and benefits. Our salary ranges are determined by role, position level, and location. The range displayed on this job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and several other factors, including job-related skills, experience, relevant education and training.

Flywire is an equal opportunity employer and follows a policy of administering all employment decisions and personnel actions without regard to race, color, religion, sex, pregnancy, gender identity, national origin, age, ancestry, physical or mental disability, sexual orientation, genetic disposition or carrier status, veteran status, or any other category protected under applicable national, federal, state or local law.

#LI-Hybrid

Company Description

Are you ready to trade your job for a journey? Become a FlyMate!

Passion, excitement & global collaboration are all core to what it means to be a FlyMate. At Flywire, we’re on a mission to deliver the world’s most important and complex payments. We use our Flywire Advantage - the combination of our next-gen payments platform, proprietary payment network and vertical specific software, to help our clients get paid, and help their customers pay with ease - no matter where they are in the world.

What more do we need to truly be unstoppable? Perhaps, that is you!

Who we are:

Flywire is a global payments enablement and software company, founded more than a decade ago to solve high-stakes, high-value payments in higher education. We’ve since scaled into new regions and industry verticals and expanded our product offerings to deliver meaningful value to our clients around the world.

Today we support more than 5,100 clients across the global education, healthcare, travel & B2B industries, with diverse payment methods across 240 countries & territories and more than 140 currencies.

With over 1,200 global FlyMates, representing more than 40 nationalities, and in 12 offices world-wide, we’re looking for FlyMates to join the next stage of our journey as we continue to grow.

Job Description

The Opportunity:

As the Director of Security Risk Engineering, you will serve as a key senior leader working in direct partnership with the CISO to drive, shape, and mature Flywire’s global enterprise security infrastructure and systems. In this role, you will bridge the gap between high-level security strategy and tactical engineering execution across six core domains: Application Security, AI Security, Cloud Security, Corporate Security, Security Operations (SecOps), and Red Teaming (Penetration Testing).

In partnership with the internal stakeholder organizations, you will lead the organizational shift from technical recovery to global enterprise operational resilience, managing a highly impactful program that safeguards our global payment rails while fostering a culture of collaboration, innovation, and continuous improvement. A solid working knowledge of all aspects of cloud-native infrastructure, software applications, AI/LLM model development, governance & validation, and automated risk mitigation is required.

Responsibilities:

• Strategic Domain Leadership: Define, implement, and monitor a comprehensive security engineering strategy across Application Security, AI Security, Cloud Security, Corporate Security, Security Operations (SecOps/Incident Detection & Response), and Red Teaming (Penetration Testing), aligning initiatives with global business objectives and emerging financial threats.
• Team Management & Mentorship: Support the CISO to lead and manage the global security engineering organization, including hiring, training, mentoring, performance management, and budget oversight.
• Secure Architecture & Governance: Oversee the design and continuous improvement of secure architecture for systems, cloud infrastructure, networks, and applications, ensuring strict alignment with security best practices.
• Global Cross-Functional Collaboration: Partner with Business, Development, DevOps, Product, Program, Risk/Compliance, and IT leaders to seamlessly integrate security controls into all phases of the engineering and CI/CD lifecycle. Engage actively with external stakeholders, auditors and global regulators on related fronts.
• Advanced Cyber Risk Efficacy: Leverage AI and automated tooling to develop proactive measures, threat intelligence capabilities, and scalable defenses against vulnerabilities across all engineering domains.
• Adversarial / Penetration Testing: Personally adopt an attacker’s mindset to identify complex attack chains, logic flaws, and zero-day vulnerabilities within financial platforms and product architectures.
• Incident Response & Operational Resilience: Direct and coordinate responses to critical enterprise security incidents, managing containment, forensic investigation, and rapid remediation efforts alongside SecOps.
• Regulatory Compliance Frameworks: Maintain an information security framework that ensures continuous readiness for strict industry audits and regulatory compliance requirements globally (e.g., NIST CSF 2.0, ISO 27001, PCI-DSS 4.0, DORA).
• Executive & Stakeholder Reporting: Define and maintain metrics that communicate security posture, program progress, and incident risk analysis to the CISO, senior executive leadership, and the Board.
• Innovation & Emerging Tech: Stay ahead of global fintech trends, adopting cutting-edge technologies and methodologies—specifically regarding secure AI deployment—to continuously strengthen the organization’s security posture.

Qualifications

Here’s What We’re Looking For:

• Education: Bachelor’s degree required in Computer Science, Information Security, or a related technical field. A Master’s degree is highly preferred.
• Core Experience: 12+ years of progressive experience in information security, IT risk management, or cyber defense roles. Must be an active technical practitioner with a proven track record of independently performing manual penetration testing, vulnerability exploitation, detection/response activities, and code reviews across cloud and application infrastructures, without relying solely on automated commercial tools.
• Leadership Experience: 3+ years of proven experience in senior leadership or management roles specifically within a security engineering organization, managing people, cross-functional teams and complex security programs.
• Domain Mastery: In-depth technical knowledge of security architecture, secure cloud infrastructure (e.g., AWS/Azure/GCP), application security principles, and adversarial emulation (Red Teaming).

Highly Preferred Certifications

• Core Security: CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager)
• Governance & Risk: CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or ISACA AAISM™ (Advanced in AI Security Management)
• Hands-On Offensive & AI: OffSec OSAI (Offensive Security AI Red Teamer), OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or SANS GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

Skills and Abilities

• Strategic & Tactical Balancer with a Commercial Mindset: Highly hands-on and technically skilled. Strong strategic thinker with the ability to contribute to and translate the CISO’s high-level vision into actionable plans and drive successful execution. Balances technical risk reduction with business enablement, ensuring security infrastructure serves as a competitive advantage that unblocks global revenue and enterprise-client acquisition.
• Executive Presence: Exceptional communication and stakeholder management skills, with a demonstrated ability to articulate complex security risks and technical concepts to both engineering teams and executive management/the Board.
• 2nd-Line Cyber Risk Oversight & Governance: Robust capability to operate as a strategic second-line risk leader. Proven experience defining enterprise security risk appetites, establishing governance frameworks, and executing independent control testing to validate that the first line (engineering/product teams) effectively manages cyber risk.
• Defense-in-Depth Expertise: Comprehensive understanding of modern system security design principles, intrusion prevention, API security, and automated vulnerability management.
• High-Pressure Decision Making: Demonstrated capability to prioritize tasks, maintain cross-functional transparency, and make critical risk decisions under pressure during live security incidents.
• Lateral Influencing / Influential Leadership: Ability to collaborate effectively as a trusted partner across the global organization, promoting a collaborative culture of continuous resilience and security awareness.

Additional Information

What We Offer:

• Competitive compensation
• Employee Stock Purchase Plan (ESPP)
• Competitive time off, including Digital Disconnect and FlyBetter Days to volunteer in a cause you believe in.
• Work with brilliant people globally  Learn more about their journeys by checking out #InsideFlywire on social media
• Wellbeing Programs (Mental Health, Wellness, Yoga/Pilates/HIIT Classes) with Global FlyMates
• Be a meaningful part in our success - every FlyMate makes an impact
• Great Talent & Development Programs (Managers Taking Flight – for new or aspiring managers, OneFlywire Career Mobility)

Submit today and get started!

We are excited to get to know you! Throughout our process you can expect to meet with different FlyMates including the Hiring Manager, Peers on the team, the VP of the department, and a skills assessment. Your Talent Acquisition Partner will walk you through the steps and be your “go-to” person for any questions.

The US base salary range for this full-time position is $200,000 - 210,000 and benefits. Our salary ranges are determined by role, position level, and location. The range displayed on this job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and several other factors, including job-related skills, experience, relevant education and training.

Flywire is an equal opportunity employer and follows a policy of administering all employment decisions and personnel actions without regard to race, color, religion, sex, pregnancy, gender identity, national origin, age, ancestry, physical or mental disability, sexual orientation, genetic disposition or carrier status, veteran status, or any other category protected under applicable national, federal, state or local law.

#LI-Hybrid

Reports to: Chief Security Officer

Location: Remote US

Compensation Range: $220,000 to $240,000 base plus bonus and equity

What We Do:

Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.

Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24⁄7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers’ protection.

Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.

What You’ll Do

We are seeking a strategic leader to own the future of Detection Engineering & Threat Hunting at Huntress. As a Director, you will manage multiple sub-teams (via Managers) and serve as a trusted advisor to the Sr. Dir of Threat Detection and Response.

Your mission is to align the DE&TH function with the broader company strategy. As we scale, you will determine the structural, technological, and budgetary requirements needed to maintain superior detection efficacy. You will own the relationship with the Product organization. Ensuring that our defensive strategy evolves faster than the adversaries we protect against.

Responsibilities

• Strategy & Vision: Set the direction, strategy, and vision for the entire DE&TH function. You will define the team’s 12-18-month prioritization.
• Manage a team of Managers: You will manage at least two teams or sub-teams via other managers. Your focus is on developing their leadership capabilities, enabling them to execute effectively, and holding them accountable for the health and output of their team.
• Budgeting & Planning: Propose and own plans for budgeting, execution, and hiring. You will develop capacity models to ensure our team’s growth aligns with our overall growth, presenting these resource needs to executive leadership.
• Cross-Functional Leadership: Strategize with senior leaders across Product, Engineering, and Security. You are a key stakeholder in the company’s direction, advocating for the telemetry and architectural changes required to support future detection use cases.
• Systemic Problem Solving: Identify and surface patterns to leadership regarding root causes of problems. You anticipate future challenges and own the delivery of solutions before they become bottlenecks.
• Culture & Standards: Exemplify and hold others accountable to the management standards of the company. You are responsible for creating a diverse, inclusive, and high-performing culture across the entire function.

What You Bring To The Team

• Strategic Leadership: 5+ years of experience in cybersecurity, with significant experience managing managers. You have led large, high-priority projects that impacted the company’s direction.
• Visionary Thinking: You can look past the current quarter. You understand the “Macro” of the threat landscape and can translate that into a “Micro” plan for your teams.
• Business Acumen: You understand how a SOC fits into the business model. You can articulate the ROI of detection engineering and threat hunting to non-technical stakeholders and manage a department budget.
• Force Multiplier: You excel at empowering others. You don’t solve problems for your team; you build the structures and frameworks that allow your team to solve problems themselves while you focus on accountability and scalability.

What We Offer:

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations:

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com . Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote