About the job

Our mission

Boom is on a mission to level the playing field for the 110+ million renters in the US by making housing more flexible, affordable, and rewarding. Boom is building a suite of rental financial services for renters and property managers, including tenant screening, rent payment reporting, rent reporting-as-a-service, and a number of integrations with the largest property management systems (PMS). Boom serves renters through the Boom App and property managers via the Boom Platform. Now serving thousands of renters, Boom is led by second-time founder Rob Whiting (ex-BCG, Rubicon). It's backed by investors such as Starting Line, Clocktower Ventures, Gilgamesh Ventures (Petal co-founders), and angels such as William Hockey and Zach Perret (Co-founders of Plaid) and Harry Stebbings. Boom has been profiled by Inman, Business Insider, HousingWire, and more.

Opportunity

We're expanding our engineering team to meet the growing demands of our B2B partners and B2C users. Boom handles sensitive consumer data at scale -- credit, identity, income, an other verification data flow through our platform every day, and we report rent payments to the credit bureaus on behalf of hundreds of thousands of residents. As we move from Seed to Series A and beyond, we're hiring our Founding Security Engineer to harden our platform, mature our security posture, and partner with product engineering and infrastructure teams to bake security into how we build.

This role offers the chance to work closely with our CPO, engineering leadership, and operations, owning security as a function from the ground up. For this role, we are hiring for candidates in Austin, TX, where our leadership and product team is located. Comp range listed is directional and adjustable +/- based on competency.

Our engineering culture is hands-on and pragmatic -- we value shipping real product, maintaining high standards, and communicating clearly. If you're excited about building a security program at a fast-growing fintech and protecting data that materially impacts people's lives, reach out.

What you'll do

• Own our application and cloud security posture across our infrastructure and full stack product
• Run our SOC 2 certification effort (evidence, controls, auditor interface), interface with vendors for pen testing, and prep us for the next compliance lifts like CASA, FCRA, state-specific data regs, and enterprise security reviews
• Build the secure SDLC: threat modeling, security-sensitive code review, SAST/DAST/SCA tooling, secrets management, and dependency hygiene
• Lead incident response and vulnerability management. Triage, contain, remediate, and run blameless postmortems
• Partner with engineering on identity, access, and data handling for PII, credit, and payment data so secure-by-default is the easy path
• Own customer security questionnaires and represent Boom in security conversations with enterprise property management partners

What you'll need

• 5+ years in security engineering or application security with hands-on web development experience. Track record securing production web apps and cloud environments, with AWS strongly preferred
• Working knowledge of SOC 2 (bonus for ISO 27001, HIPAA, PCI, GLBA/FCRA). You're ready to own the program, not just contribute to it
• Strong grasp of common attack classes (OWASP Top 10, auth/session, SSRF, deserialization, supply chain) and how they show up in modern web stacks
• Backend-leaning full stack on Ruby (Grape and Sequel) with React/Next.js and TypeScript on the frontend. Comfortable with third-party APIs (OAuth, webhooks, rate limits, idempotency), observability, on-call, real incidents, and Terraform
• You're already running AI coding agents autonomously, including overnight, to ship and drive your own efficiency. Daily Claude Code use is table stakes
• Strong communicator who can explain risk to non-security audiences and push back without slowing the business. Self-starter in a fast-paced, early-stage environment, with empathy for our end users including low-to-moderate-income renters whose financial data we steward

Benefits of working at Boom

• Competitive salary with stock options
• Full healthcare coverage (health, dental, vision) including 50% coverage for dependents
• 15 days of Paid Time Off (PTO) per year + 3 sick days + all US federal holidays (11 in total) (note: we think unlimited PTO is BS and causes some employees to feel guilty when they take it)
• Company-issued laptop/MacBook
• Company-sponsored training & development
• Regular off-sites, retreats, and other company-sponsored events and travel opportunities