Lead Security Engineer (Fraud)

US Mobile is on a mission to revolutionize connectivity. Imagine a world where you can go into a single app and buy terabytes of data for every one of your devices: phone, smart devices, car, home broadband, and more. That’s the future that US Mobile is building: a software platform built truly for the 21st century and the age of 5G and IoT, with world class engineering, best-in-class user experience, and features that will define the next generation of connectivity.

At the core of it all, we have a team and culture that has been recognized by Forbes as one of the top 500 best startup employers in the US. Our team spans diverse backgrounds, cultures, and stories, with employees coming from 20+ countries.

We're a venture-backed company entering hypergrowth, having recently ranked 94th on Inc 5000's fastest-growing private companies in America, and we’re looking for someone exceptional to join our team.

As the Lead Security Engineer, you’ll be both a hands-on technical contributor and a security leader. You will write and review code, design secure systems, and work closely with backend and platform engineers to ensure that our infrastructure, applications, and services are resilient against evolving threats.

You’ll lead a small, high-impact team responsible for embedding security into the entire SDLC — from code review and threat modeling to runtime monitoring and incident response. Your mission: make security an integral part of our engineering DNA.

Responsibilities: :
• Extensive experience detecting and preventing online payment fraud, including fraudulent plan purchases, unauthorized payment method abuse, card-not-present fraud, and chargeback manipulation across high-volume digital transaction flows.

• Hands-on expertise building fraud detection systems for e-commerce and subscription billing environments, including rule-based and ML-assisted models that flag suspicious payment behavior, account-funded fraud, and promo/credit abuse in real time.

• Deep understanding of identity fraud vectors in digital-first environments, including synthetic identity creation, stolen credential abuse during onboarding, and fraudulent plan upgrades or device financing applications tied to payment exploitation.

• Write and review production code in Java, Kotlin, and Go, ensuring security best practices are applied across APIs, backend services, and infrastructure automation — with particular attention to payment processing flows and data integrity.

• Perform secure code reviews and guide developers on secure design patterns, embedding fraud-aware coding standards into engineering workflows from the ground up.

• Monitor and analyze application and network traffic using tools like Datadog and Cloudflare WAF to identify anomalies, payment abuse patterns, account takeover attempts, and emerging threats across cloud and application environments.

• Build and automate security tooling that integrates into CI/CD pipelines for vulnerability scanning, dependency management, and code integrity checks — including controls specific to payment and billing service deployments.

• Collaborate with DevOps and backend engineers to design secure architectures, enforce least privilege, and adopt zero-trust principles across subscriber lifecycle flows including onboarding, SIM activation, number porting, and payment processing.

• Lead threat modeling, risk assessments, and incident response for fraud and security events — maintaining playbooks, coordinating responses, and translating findings into actionable hardening improvements across Telecom-specific attack surfaces.

• Stay current with evolving fraud techniques, exploits, and threat intelligence, proactively applying new research to harden payment systems, detection models, and security tooling against emerging attack vectors.

Required::
• Bachelor’s degree in Computer Science, Software Engineering, or a related field.

• 7+ years of experience in fraud, cybersecurity, application security, or security engineering — ideally in developer-heavy environments.

• Strong software engineering background with hands-on experience in Java, Kotlin, or Go (comfortable reading and writing production code).

• Deep understanding of secure software development, API security, and microservices architectures.

• Experience integrating security into CI/CD pipelines and cloud-native environments (AWS, GCP, or similar).Understanding of compliance frameworks such as PCI-DSS, SOC 2, or ISO 27001 is a strong plus.

• Familiarity with observability and monitoring platforms such as Datadog, Cloudflare WAF, or similar tools for traffic analysis and anomaly detection.

• Proficiency with security monitoring and automation tools (SIEM, EDR, IDS/IPS, etc.).

• Excellent communication skills and the ability to collaborate with both engineers and leadership.

• Certifications like CISSP, OSWE, GCSA, or CISM are a plus but not required — demonstrable coding and analytical ability matter most.

Benefits::
• Competitive salary - 150k CAD - 220k CAD (based on experience/location)

• Flexible working hours

• Supplemental health insurance

• Professional development stipend

• $500 wfh tech set-up reimbursement

Think you’d be a great fit? Apply to learn more!