Casca is building AGI for banking.

We are replacing 30+ year-old legacy technology with AI-native systems of record that automate 90% of the manual work humans used to have to do.

Our first product is an AI-native Loan Origination System - with a built-in AI Agent, called Sarah. Sarah communicates with small business loan applicants via email or sms, guides them through the application process and prepares the loan file for a human underwriter.

Why? Small businesses are the heart of the American economy and a lot of banks shy away from providing funding because of the manual effort in pursuing those deals. With us, that changes and unlocks affordable, quick bank funding for the 30M+ small businesses in the US as opposed to the high interest rates from online lenders.

Who are we?

• All-Stanford Founding team
• Industry experts that have grown banking software companies to $150M+ in ARR
• We are a fun group of former competitive athletes and gamers. We like to win and we know that the only thing between us and the title is our own ability to improve every day.

Why Casca?

Casca is building AGI for banking. We’re replacing decades-old legacy systems with AI-native technology that automates 90% of the manual work humans once had to do.

Role Overview

We're seeking a Product Security Engineer to join our team in securing our AI-driven lending platform. In this critical role, you'll collaborate closely with engineering, product, and compliance teams to embed security into every stage of development, ensuring our platform remains protected in a competitive fintech landscape.

What you'll do:

• Build secure-by-default libraries and tools that make the secure path the easiest and most attractive choice for developers and their AI agents

• Partner closely with engineering teams to incorporate secure design principles at every stage of development

• Review security-critical code and own key parts of the product, including authentication and access control

• Contribute meaningfully to the Casca code base

• Audit the existing codebase for vulnerabilities

• Improve our static analysis and vulnerability management tooling

• Discover vulnerabilities through red team exercises

• Participate in incident response

What you'll bring:

• 2+ years of experience in product security, application security, offensive security, and/or security-focused software engineering

• Proven ability to identify software vulnerabilities, demonstrated through CVEs, bug bounty awards, blog posts, or prior work experience

• Strong expertise in web application security

• Strong communication and collaboration skills, particularly with engineering teams

Bonus points:

• Open source contributions

• Experience red teaming LLMs and AI-native applications

• Experience managing cloud environments (e.g. Azure, GCP, AWS)

• Experience working at or with a small company or a hyper-growth startup

What you'll get:

• Impact & Ownership : A unique opportunity to shape the future of banking through AI, owning end-to-end product initiatives.

• Collaborative Environment : Work alongside a talented and passionate team that values continuous improvement and knowledge sharing.

• Competitive Compensation : Includes salary, benefits, and potential equity in a fast-growing startup.

• Professional Growth : Access to resources and mentorship to expand your skill set, influence strategy, and accelerate your career.

• Culture of Innovation : We encourage risk-taking, learning from failures, and pushing the boundaries of what’s possible in fintech.

As an early-stage company building at the frontier of AI, we work with high intensity and commitment. While schedules can vary by role/team, many weeks will demand extra focus, flexibility and time particularly during major launches and high impact sprints. We're seeking those who are aligned to and able to commit to that expectation which includes 5 days per week in our San Francisco Office.

Next.js, React, TypeScript, Python, Tailwind, Postgres, AWS, Vercel, Elastic