Security Engineer (Backend & Infrastructure)

Location: Remote
Type: Contract (Hourly)
Start: Immediate

About Texas Sports Academy

Texas Sports Academy (TSA) builds modern technology platforms that support student-athletes, families, and coaches. Our systems handle sensitive data and real users every day, which makes security, reliability, and trust non-negotiable.

As we scale, we're investing deeply in securing our backend systems, infrastructure, and data pipelines.

About the Role

We're looking for a Security-focused Backend Engineer with deep experience in cybersecurity, penetration testing, and secure system design.

This is a hands-on role for someone who doesn't just write policies—but actively:

• Finds vulnerabilities

• Breaks systems (ethically)

• Fixes weaknesses

• Helps engineering teams build securely from day one

You'll work closely with backend and product engineers to harden our systems and improve our security posture across the stack.

What You'll Be Doing

• Conduct penetration testing on backend services, APIs, and infrastructure

• Identify and remediate security vulnerabilities across applications and systems

• Review backend architecture and data flows for security risks

• Harden authentication, authorization, and access controls

• Improve secrets management, encryption, and secure storage practices

• Implement and enforce security best practices in CI/CD pipelines

• Monitor and respond to potential security incidents

• Collaborate with engineers to embed security into development workflows

Required Qualifications

Security & Penetration Testing

• Strong experience with penetration testing and vulnerability assessments

• Deep understanding of common attack vectors (OWASP Top 10, API attacks, auth exploits)

• Experience securing REST and RPC-based APIs

• Knowledge of secure authentication, authorization, and identity management

Backend & Infrastructure

• Strong backend engineering background (Node.js, Python, or similar)

• Experience securing databases and backend services

• Familiarity with cloud security concepts (IAM, network security, secrets management)

• Experience reviewing and securing third-party integrations

Mindset & Communication

• Security-first mindset without blocking developer velocity

• Able to explain risks clearly to non-security engineers

• Pragmatic—prioritizes real threats over theoretical ones

• Comfortable working in a fast-moving, remote environment

Nice-to-Haves

• Experience with bug bounty programs or red-team exercises

• Familiarity with Supabase / Postgres security

• Experience with AWS security (IAM, VPCs, Lambda, S3)

• CI/CD security hardening experience

• Knowledge of compliance frameworks (SOC2, GDPR, HIPAA—not required, but helpful)

Tech Stack Overview

• Backend: Node.js, TypeScript

• APIs: tRPC, REST

• Database: Supabase (Postgres), DynamoDB

• Infra: AWS

• Auth & Data: Supabase, third-party integrations

• Monitoring & Analytics: PostHog, RudderStack

What We Value

1. Security with velocity — Protect systems without slowing teams unnecessarily

2. Ownership — You find it, you fix it, you help prevent it

3. Clarity — Explain risk in plain language

4. Pragmatism — Focus on real threats, not checkbox security

5. Continuous improvement — Security is never “done”

How to Apply

Please send:

1. A brief introduction

2. Relevant experience with security or penetration testing

3. Examples of systems you've helped secure (high-level is fine)

4. Your availability and timezone