[{"last_updated":1775894409,"legal":"API Terms of Service: Please link back (with follow, and without nofollow!) to the URL on Remote OK and mention Remote OK as a source, so we get traffic back from your site. If you do not we'll have to suspend API access.\n\nPlease don't use the Remote OK logo without written permission as it's a registered trademark, please DO use our name Remote OK though."},{"slug":"remote-senior-platform-engineer-loancrate-1130797","id":"1130797","epoch":1773677809,"date":"2026-03-16T16:16:49+00:00","company":"Loancrate","company_logo":"","position":"Senior Platform Engineer","tags":["aws","Terraform","dev","javascript","typescript","postgres","api","Pulumi","docker"],"description":"

What is Loancrate?<\/strong><\/h2>

We started Loancrate to make home-buying simpler and less expensive for lenders and borrowers (us!). Today, mortgage lenders are stuck running their companies on software products built 20 years ago. These products are slow, unstable, and don't lead to material improvements in efficiency. When using these systems, the average human cost to originate a loan is still over $11,000.<\/p>

Loancrate builds AI-native tooling to automate mortgage workflows. Our ultimate goal is fully automated origination, which has the potential to save lenders over $16B in operating expense per year.<\/p>

Since starting in 2020, our remote team has enabled our customers to power >$85 billion in new home loans. We are a group of people excited to tackle the complexity of the home-lending industry. We care about collaboration, very open communication covering the good & the bad so that we learn from our decisions quickly, and ultimately having fun while we're building. You'll fit in well if you like diving deep quickly!<\/p>

The Opportunity<\/strong><\/h2>

Our dreams are big and we have much to build! We\u00e2\u0080\u0099re looking for a Senior Platform Engineer to build the tooling and systems that let product engineers focus on shipping features fast - without having to worry about performance, reliability, or scale. This role spans infrastructure and<\/em> internal developer tooling: you\u00e2\u0080\u0099ll design self-serve platforms, libraries, and automation that \u00e2\u0080\u009cjust work,\u00e2\u0080\u009d enabling complex product experiences without compromising security or uptime.<\/p>

What To Expect<\/strong><\/h2>

As a Senior Platform Engineer at Loancrate, you\u00e2\u0080\u0099ll ship platform improvements to production early and often - spanning infrastructure, developer tooling, and shared libraries. Within your first month, you'll be diving into mission-critical work such as...<\/p>

  • Designing and building the systems that let engineers deploy dozens of times per day with confidence - from our Buildkite CI\/CD pipelines and per-PR ephemeral environments to our IaC-managed AWS infrastructure.<\/p><\/li>

  • Creating self-serve developer experiences - local dev tooling, templates, golden paths, and CI-integrated workflows - so \u00e2\u0080\u009cthe right thing\u00e2\u0080\u009d is the easy thing.<\/p><\/li>

  • Extending our internal TypeScript tooling - from schema\/code generation to data access libraries - so teams can build features faster with safer, more consistent primitives.<\/p><\/li>

  • Making Loancrate's platform observable and self-healing - instrumenting our services with Datadog, building alerting that actually signals rather than spams, and reducing the blast radius of incidents before they happen.<\/p><\/li>

  • Baking security into our platform defaults - across infra and developer tooling - while keeping engineering velocity high.<\/p><\/li>

  • Solving interesting scaling problems as our AI-native mortgage platform grows - from Aurora PostgreSQL tuning to Kafka throughput to cost-efficient compute autoscaling.<\/p><\/li><\/ul>

    Core Responsibilities<\/strong><\/h2>

    • Own and evolve our AWS infrastructure using Terraform and Pulumi Cloud - treating infrastructure as a product that engineering teams depend on.<\/p><\/li>

    • Design and maintain internal developer tooling and libraries that standardize how we build and ship - code generation, shared SDKs, data access patterns, and service scaffolding.<\/p><\/li>

    • Create and maintain golden paths for common workflows (new service setup, background jobs, event streams, APIs) so teams can ship quickly with built-in security and observability (and consistent defaults across services).<\/p><\/li>

    • Build and maintain CI\/CD pipelines and per-PR ephemeral environments that make deploying feel easy and safe.<\/p><\/li>

    • Drive reliability through SLOs, auto-scaling, incident response, and postmortems - and build systems that make the next incident less likely.<\/p><\/li>

    • Create observability tooling and shared instrumentation libraries that give engineers real-time insight into their services.<\/p><\/li>

    • Enforce security best practices across IAM, secrets management, encryption, audit logging, and DDoS protection.<\/p><\/li>

    • Own the reliability and performance of our data platform (Aurora PostgreSQL) - provisioning, backups, failover, and tuning - and build tooling that makes safe usage the default.<\/p><\/li>

    • Reduce toil through automation and self-service tooling so engineers can move fast without waiting on the platform.<\/p><\/li>

    • Contribute to architecture decisions and documentation, and participate in on-call rotation (shared by the whole engineering team).<\/p><\/li><\/ul>

      Tech Stack<\/strong><\/h2>

      Our infrastructure runs on AWS and is managed 100% with Terraform and Pulumi Cloud. Application services run in Docker on ECS EC2 or Fargate. Key services include Aurora PostgreSQL, ElastiCache (Redis), MSK (Kafka), and OpenSearch. Our CI\/CD runs on Buildkite with TypeScript pipeline-as-code.<\/p>

      We also maintain internal TypeScript platform libraries (codegen, service templates, shared data access\/instrumentation) that power consistent APIs and developer workflows across the monorepo. Observability is powered by Datadog, CloudWatch, and Sentry. DNS and CDN are handled by Cloudflare. Application code is a TypeScript monorepo running Node\/Express with a React frontend and GraphQL\/Apollo API layer. We use GitHub for source control.<\/p>

      Preferred Skills and Background<\/strong><\/h2>

      (It's okay not to have all of these things - these are just some skills we are excited about!)<\/p>

      • \u00f0\u009f\u00a7\u00a9 Experience building internal platforms \/ developer tooling: code generation, CLIs, templates, shared SDKs, or frameworks that improve engineering velocity.<\/p><\/li>

      • \u00f0\u009f\u008f\u0097\u00ef\u00b8\u008f Strong TypeScript skills and API design taste - you enjoy building stable primitives that other engineers rely on.<\/p><\/li>

      • \u00f0\u009f\u008c\u00a9 Deep AWS experience across compute, networking, storage, and security (ECS, Lambda, VPC, ALB, IAM, RDS, ElastiCache, MSK, OpenSearch, S3, CloudWatch, CloudTrail, GuardDuty).<\/p><\/li>

      • \u00f0\u009f\u008f\u00a0 Strong Terraform and\/or Pulumi proficiency: modules, workspaces, and CI-driven plan\/apply workflows.<\/p><\/li>

      • \u00f0\u009f\u009a\u0080 Experience designing and operating CI\/CD systems that help large engineering teams ship frequently and confidently.<\/p><\/li>

      • \u00f0\u009f\u0094\u008d Track record building production observability stacks (Datadog, CloudWatch, Sentry, distributed tracing, SLOs).<\/p><\/li>

      • \u00f0\u009f\u00a7\u00b1 You\u00e2\u0080\u0099ve built \u00e2\u0080\u009cpaved roads\u00e2\u0080\u009d that bake in secure, reliable defaults (instrumentation helpers, policy-as-code, safe-by-default deployment patterns).<\/p><\/li>

      • \u00f0\u009f\u0094\u0092 Security-first mindset - you proactively harden infrastructure without slowing teams down.<\/p><\/li>

      • \u00f0\u009f\u009b\u00a2 Aurora PostgreSQL operations at scale: backups, PITR, failover, read replicas, query tuning.<\/p><\/li>

      • \u00f0\u009f\u00a7\u00b0 Comfort with Docker and container orchestration environments.<\/p><\/li>

      • \u00f0\u009f\u0093\u008a Reliability engineering mindset: SLOs, error budgets, incident response.<\/p><\/li>

      • \u00f0\u009f\u00a4\u0096 Curiosity about the unique infrastructure demands of AI and LLM workloads.<\/p><\/li>

      • \u00f0\u009f\u0093\u009d Strong written communication - you document decisions and help the team understand the systems they depend on.<\/p><\/li><\/ul>

        Perks & Benefits<\/strong><\/h2>

        • Robust medical coverage (100% of employee + family premiums covered)<\/p><\/li>

        • Vision & dental coverage<\/p><\/li>

        • 401(k)<\/p><\/li>

        • HSA \/ FSA<\/p><\/li>

        • Remote-first culture - work from wherever you do your best work<\/p><\/li>

        • Flexible time off - we trust you to manage your time<\/p><\/li><\/ul>


          <\/p>

          Loancrate is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other legally protected characteristic.<\/em><\/p>Please mention the word **AMBITIOUSLY** and tag RMjE2LjczLjIxNi4xMDU= when applying to show you read the job post completely (#RMjE2LjczLjIxNi4xMDU=). This is a beta feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human.","location":"","salary_min":10000,"salary_max":300000,"apply_url":"https:\/\/remoteOK.com\/remote-jobs\/remote-senior-platform-engineer-loancrate-1130797","original":true,"logo":"","url":"https:\/\/remoteOK.com\/remote-jobs\/remote-senior-platform-engineer-loancrate-1130797"},{"slug":"remote-senior-security-engineer-loancrate-1130795","id":"1130795","epoch":1773669198,"date":"2026-03-16T13:53:18+00:00","company":"Loancrate","company_logo":"","position":"Senior Security Engineer","tags":["infosec","Terraform","docker","postgres","javascript","typescript"],"description":"

          What is Loancrate?<\/strong><\/h2>

          We started Loancrate to make home-buying simpler and less expensive for lenders and borrowers (us!). Today, mortgage lenders are stuck running their companies on software products built 20 years ago. These products are slow, unstable, and don't lead to material improvements in efficiency. When using these systems, the average human cost to originate a loan is still over $11,000.<\/p>

          Loancrate builds AI-native tooling to automate mortgage workflows. Our ultimate goal is fully automated origination, which has the potential to save lenders over $16B in operating expense per year.<\/p>

          Since starting in 2020, our remote team has enabled our customers to power >$85 billion in new home loans. We are a group of people excited to tackle the complexity of the home-lending industry. We care about collaboration, very open communication covering the good & the bad so that we learn from our decisions quickly, and ultimately having fun while we\u00e2\u0080\u0099re building. You\u00e2\u0080\u0099ll fit in well if you like diving deep quickly!<\/p>

          The Opportunity<\/strong><\/h2>

          Our dreams are big and we have much to build! We\u00e2\u0080\u0099re looking for a Senior Security Engineer who makes Loancrate more secure - without making it harder to build here. You\u00e2\u0080\u0099ll build systems, guardrails, and tooling that catch issues early, make secure defaults easy, and help engineers move fast and sleep at night. We handle some of the most sensitive personal and financial data in the country, and we take that responsibility seriously - security is an enabler here, not a gatekeeper.<\/p>

          This is an IC role with broad scope - you\u00e2\u0080\u0099ll work across application security, infrastructure security, compliance, and internal tooling. If you\u00e2\u0080\u0099ve been in fintech or another regulated industry and gotten frustrated watching security slow engineering down, this is your chance to do it differently. You\u00e2\u0080\u0099ll write code, ship tooling, and improve our defaults - not just write policies.<\/p>

          What To Expect<\/strong><\/h2>

          As a Senior Security Engineer at Loancrate, you\u00e2\u0080\u0099ll get into the codebase and infrastructure quickly. Within your first month, you\u00e2\u0080\u0099ll be contributing to work such as...<\/p>

          • Conducting a comprehensive threat model of our application and infrastructure layers, identifying the highest-leverage gaps and building a pragmatic remediation roadmap.<\/p><\/li>

          • Hardening our AWS infrastructure - IAM least-privilege, secrets management, network segmentation, CloudTrail audit coverage, and GuardDuty alerting - while keeping developer workflows frictionless.<\/p><\/li>

          • Integrating security tooling into our CI\/CD pipeline: SAST, dependency scanning, container image scanning, and secret detection that catches issues before they ship.<\/p><\/li>

          • Partnering with engineering on our SOC 2 Type II posture - working across evidence collection, control design, and vendor risk so that compliance is a byproduct of doing good security, not a separate workstream.<\/p><\/li>

          • Building secure-by-default patterns and libraries (authn\/authz helpers, input validation, secure logging\/redaction) so teams don\u00e2\u0080\u0099t have to reinvent security per service.<\/p><\/li><\/ul>

            Core Responsibilities<\/strong><\/h2>

            • Lead and drive Loancrate\u00e2\u0080\u0099s security posture across application security, cloud security, identity, and compliance - partnering closely with engineering and leadership.<\/p><\/li>

            • Perform regular threat modeling, vulnerability assessments, and penetration testing - and work directly with engineering to remediate findings fast.<\/p><\/li>

            • Build and maintain security tooling and automation: SAST\/DAST, dependency scanning, container scanning, SBOM management, and secret detection integrated into CI\/CD.<\/p><\/li>

            • Harden our AWS environment: IAM, VPC boundaries, secrets management (AWS Secrets Manager), audit logging, GuardDuty, Security Hub, KMS key management, and DDoS protection.<\/p><\/li>

            • Own our SOC 2 Type II program - design practical controls, automate evidence collection where possible, manage the auditor relationship, and drive continuous improvement.<\/p><\/li>

            • Lead or coordinate incident response for security events - runbooks, postmortems, and clear communication to customers and leadership when needed.<\/p><\/li>

            • Establish and maintain a secure SDLC - lightweight design reviews, threat modeling in planning, and developer enablement (training, docs, examples) that scales.<\/p><\/li>

            • Maintain a risk register - tracking identified threats, ownership, and remediation status so nothing falls through the cracks.<\/p><\/li>

            • Partner with Operations on endpoint and device security: laptop hardening, MDM policy, hardware key rollout, and offboarding access revocation.<\/p><\/li>

            • Manage third-party and vendor security risk, including due diligence for new integrations and annual reviews of existing vendors.<\/p><\/li>

            • Own identity and access infrastructure: SSO, MFA enforcement (including hardware key policies), SCIM provisioning, and access reviews.<\/p><\/li>

            • Contribute to security documentation, internal runbooks, and team education - you make the secure path the easy path.<\/p><\/li><\/ul>

              Tech Stack<\/strong><\/h2>

              Our infrastructure runs on AWS and is managed 100% with Terraform and Pulumi Cloud. Application services run in Docker on ECS EC2 or Fargate. Key services include Aurora PostgreSQL, ElastiCache (Redis), MSK (Kafka), and OpenSearch. Our CI\/CD runs on Buildkite with TypeScript pipeline-as-code. Observability is powered by Datadog, CloudWatch, and Sentry. DNS and CDN are handled by Cloudflare. Application code is a TypeScript monorepo running Node\/Express with a React frontend and GraphQL\/Apollo API layer. We use GitHub for source control.<\/p>

              Preferred Skills and Background<\/strong><\/h2>

              (It\u00e2\u0080\u0099s okay not to have all of these things - these are just some skills we are excited about!)<\/p>

              • \u00f0\u009f\u0094\u0092 Deep application security experience: threat modeling, OWASP Top 10 (and beyond), secure code review, SAST\/DAST tooling, and working directly with engineers to fix what you find.<\/p><\/li>

              • \u00e2\u009a\u00a1 Strong AWS security experience across IAM, VPC, GuardDuty, Security Hub, CloudTrail, KMS, Secrets Manager, and WAF.<\/p><\/li>

              • \u00f0\u009f\u008f\u00a0 Terraform and\/or Pulumi proficiency - you can read and contribute to infrastructure-as-code, and you understand the security implications of what you\u00e2\u0080\u0099re reviewing.<\/p><\/li>

              • \u00f0\u009f\u0093\u008b Hands-on SOC 2 experience: you\u00e2\u0080\u0099ve designed controls, collected evidence, and managed an auditor relationship - not just checked boxes.<\/p><\/li>

              • \u00f0\u009f\u009a\u0080 CI\/CD security experience: integrating security tooling into developer pipelines in a way engineers actually appreciate.<\/p><\/li>

              • \u00f0\u009f\u008f\u00a6 Fintech or regulated industry experience - you understand the intersection of security, compliance, and data privacy in a lending or financial services context.<\/p><\/li>

              • \u00f0\u009f\u00a4\u009d Collaborative mindset - you build relationships with engineering rather than operating as an external reviewer or blocker. You measure success by how secure the product is, not how many policies you\u00e2\u0080\u0099ve issued.<\/p><\/li>

              • \u00f0\u009f\u0094\u0091 Identity and access experience: SSO\/SAML, SCIM, MFA enforcement, hardware security keys, and access review programs.<\/p><\/li>

              • \u00f0\u009f\u009b\u00a1\u00ef\u00b8\u008fFamiliarity with data security for sensitive personal and financial data - encryption at rest and in transit, data classification, and minimization.<\/p><\/li>

              • \u00f0\u009f\u0093\u009d Strong written communication - you document decisions, write clear runbooks, and communicate security risks to non-security audiences without FUD.<\/p><\/li>

              • \u00f0\u009f\u00a7\u00ae Scripting and automation chops (Python, Bash, or similar) - you build tools to make security scalable, not just write policies.<\/p><\/li><\/ul>

                Perks & Benefits<\/strong><\/h2>

                • Robust medical coverage (100% of employee + family premiums covered)<\/p><\/li>

                • Vision & dental coverage<\/p><\/li>

                • 401(k)<\/p><\/li>

                • HSA \/ FSA<\/p><\/li>

                • Remote-first culture - work from wherever you do your best work<\/p><\/li>

                • Flexible time off - we trust you to manage your time<\/p><\/li><\/ul>


                  <\/p>

                  Loancrate is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other legally protected characteristic.<\/em><\/p>Please mention the word **YAY** and tag RMjE2LjczLjIxNi4xMDU= when applying to show you read the job post completely (#RMjE2LjczLjIxNi4xMDU=). This is a beta feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human.","location":"","salary_min":10000,"salary_max":300000,"apply_url":"https:\/\/remoteOK.com\/remote-jobs\/remote-senior-security-engineer-loancrate-1130795","original":true,"logo":"","url":"https:\/\/remoteOK.com\/remote-jobs\/remote-senior-security-engineer-loancrate-1130795"}]