Cyber Security Engineer (Mid-Level) #LI-Remote

Pasadena, California /
Technology – Technology /
Scratch Financial ("Scratchpay") is a financial technology startup based in Los Angeles, California. Our goal is to make difficult financial decisions simple and increase accessibility to fair, affordable, and transparent medical financing. Driven by our award-winning technology, Scratchpay has become the fastest growing financing provider in veterinary care, with our payment plans now offered in over 10,000 practices across the U.S. and Canada–ranging from dental offices to optometry clinics. We’re rapidly launching a new Point-of-Sale payment processing suite to help our providers create a better payments experience for their patients.

If putting compassion first, helping create groundbreaking products and continuously iterating & refining those products sound like you, then we encourage you to apply.

If you have a passion of SecOps and you meet the requirements below, we would love to meet you.

Salary range: $50,000.00 and $90,000.00


    • Assist with aspects of SIEM implementation, i.e. onboarding of log sources both from within our Google Cloud Platform and from third party applications, setting up and tuning appropriate alerting, responding to alerts within a reasonable timeframe
    • Establishing a security baseline of our infrastructure and implementing regression testing so as to track any deviations below that baseline
    • Investigating any malware detected on our contractors’ endpoints, taking any necessary action including blocking suspicious/malicious activity, determining whether detections are false positives, etc.
    • Setting up a secure workspace for contractors to access customer data, in order to prevent any data loss
    • Implementing other DLP controls across our infrastructure, focusing especially on databases with customer PII
    • Extending full endpoint protection to contractors’ BYOD mobile devices, especially iOS
    • Internal infrastructure network testing, mainly within Kubernetes clusters
    • Vulnerability assessment (VMs, container images)
    • Container runtime security
    • Web application security testing (ability to identify vulnerabilities within the OWASP Top Ten)
    • Static Application Security Testing (SAST) and DAST (Dynamic Application Security Testing); mainly automated but some manual work required to eliminate false positives
    • Mobile application security testing (MAST)

Strongly preferred, but not required:

    • Ability to carry out manual code security review (this would mean some knowledge of the Javascript, PHP, Go, C#, Python, Terraform, HTML, XML and CSS languages)
    • Experience in helping an organization to meet the PCI DSS and SOC-2 compliance standards


    • Preferably at least 3 of the below, or equivalent/similar certifications: CompTIA Security+, CompTIA Cloud+, CompTIA CySA+, GCIH, GPCS, GCSA, GPEN, GMOB, GSOC, OSCP, OSCE, OSWP, OSWE, CISSP, CKA, CKS

Scratchpay is committed to diversity in its workforce and is proud to be an equal opportunity employer. Scratchpay considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.