Lead Software Engineer - Fintech Infrastructure

CyberSecAI Ltd builds security infrastructure for AI agents and autonomous payment systems. Our technology secures how AI agents identify themselves, screen transactions, and move money. We work with open-source payment platforms as well as Card Schemes, contribute to OWASP and IETF standards, and hold 20 patents in agent security.

We need a senior engineer who can own the payment integration side of our agent security platform. You will work directly with our open-source teams globally to build production-grade agent payment infrastructure, trust-gated transactions, and cryptographic audit trails.

This is not a maintenance role. You will be building systems that will drive Agentic Payments.

• MCP (Model Context Protocol) server implementations handling JSON-RPC, sanctions screening, and payment initiation
• Cryptographic signing and verification pipelines and PKI Integrations
• Trust-gated payment flows with per-agent identity, kill switches, and rate limiting
• Docker-based deployment stacks orchestrating multiple services (payments, FTP, gateway)
• CI/CD pipelines with security gates (secret scanning, attribution checks, test suites)

• Go (primary) -- you will write Go daily. Our gateway, auth middleware, and payment integrations are all Go.
• Node.js -- our security scanner (194 checks), MCP servers, and web tooling are JavaScript/Node.
• Docker and Docker Compose -- multi-service stacks, container builds, health checks.
• HTTP APIs and JSON-RPC -- you will design and consume MCP protocol endpoints.
• Git and GitHub -- PRs, code review, CI/CD, security advisories. You will contribute to public open-source repos.
• SQL or data persistence -- audit trails, transaction logs, sanctions databases.
• Testing -- writing tests, not just running them. We ship with 60+ test suites across projects.
• Linux -- containers, networking, debugging production issues.

• Payments or fintech experience -- wire transfers, card issuance, or payment processing. Understanding of how money actually moves.
• Sanctions/AML knowledge -- OFAC, EU, UK HMT sanctions lists. How screening works, what minMatch thresholds mean, why false positives matter.
• Cryptography in practice -- key management, signing, verification, replay protection. Not academic -- applied.
• MCP (Model Context Protocol) -- if you know what tools/list and tools/call mean, you are ahead of 99% of candidates.
• OWASP familiarity -- MCP Top 10, AISVS, cheat sheets. We are active OWASP contributors.
• Security mindset -- CVE research, vulnerability disclosure, penetration testing, threat modelling.

• Python -- for PyPI packages, AI/ML tooling, and some backend services.
• TypeScript -- for scanner tooling and web interfaces.
• Rust or Bun -- we may explore these runtimes.
• IETF/standards experience -- we have 8 Internet-Drafts on Datatracker.
• Open-source contribution history -- show us your PRs.
• Experience with Fly.io, Vercel, or Cloudflare deployment.

• Manage people full-time. This is a hands-on engineering role.
• Write slide decks. We ship code.
• Wait for requirements. You will define them with the founder.

Standards: OWASP MCP Top 10, AISVS, IETF Internet-Drafts, OpenAPI

• Small team, high output. You will ship to production in your first week.
• Direct collaboration with open-source maintainers and standards bodies.
• Code review on every PR. Tests on every commit. Security headers on every endpoint.
• No AI attribution in code, commits, or public content.
• BSL 1.1 for commercial products. Apache 2.0 for open-source contributions.

Competitive salary based on experience.