Senior Security Engineer

This is a fully remote position, open to applicants in Massachusetts.

📋 Description

• Take ownership of and enhance our vulnerability management program with an emphasis on application security — including container images, dependencies, code scanning, and runtime detection.

• Develop and sustain security tools that seamlessly integrate into CI/CD pipelines and developer workflows, ensuring that security is an automatic process rather than a hurdle.

• Leverage AI extensively to accelerate code writing, automate analyses that would typically require manual review, and create intelligent tools that can scale beyond the capabilities of a small team.

• Evaluate and enhance how we utilize available telemetry across our systems.

• Collaborate directly with engineering teams to promote secure development practices — not through the creation of standards and documents, but by delivering tools and defaults that make secure choices the easiest ones.

• Investigate and address security findings when necessary, while prioritizing the development of systems that prevent and detect issues rather than constantly chasing them.

• Quickly adapt as priorities evolve — our team is agile, and tomorrow's challenges may differ from today's.

⛳️ Requirements

• Minimum of 5 years of experience in software and/or platform engineering, with the capability to design, build, and maintain tools of production quality.

• Extensive experience in application security and vulnerability management — you possess a strong understanding of CVEs, dependency risks, container security, and SDLC integration, along with informed opinions on what requires attention and what is merely noise.

• Practical experience with cloud infrastructure, preferably GCP/GKE or a similar platform, with the ability to adapt to our technology stack.

• A proven track record of utilizing AI tools — coding assistants, LLMs — as an integral part of your development and analysis processes, rather than as occasional shortcuts.

• A tendency towards automation — when encountering repetitive manual tasks, your instinct is to develop a tool rather than create a runbook.

• Comfort with ambiguity and a sense of ownership — you will frequently be the sole individual addressing a problem and will need to make judgment calls regarding priority, approach, and scope without waiting for guidance.

• Experience in influencing the engineering culture around security, knowing how to engage developers without hindering their progress.

• Excellent written and verbal communication skills, including the ability to clearly convey our security posture to customers when necessary.

🏝️ Benefits

• A well-funded and established startup with ambitious goals, competitive salary, and the advantages of pre-IPO equity packages.

• Unlimited paid time off.

• Carrot Cash travel stipend.

• Access to co-working space on demand through FlexDesk AND a work-from-home stipend.

• Inquire about our exceptionally generous parental leave, significantly exceeding industry standards!

• An entrepreneurial culture where pushing boundaries and taking risks is part of daily operations.

• Open lines of communication with management and company leadership.

• Small, dynamic teams leading to significant impact.

• 100% employer-covered Medical, Dental, and Vision insurance for employees.

• Access to Disability and Life insurance.

• Health Reimbursement Account (HRA).

• DCA/FSA and access to a 401k plan.