Senior Security Engineer

This is a fully remote position, open to applicants in New York.

📋 Description

• Take ownership of and enhance our vulnerability management program, concentrating on application security — including container images, dependencies, code scanning, and runtime detection.

• Develop and sustain security tools that seamlessly integrate into CI/CD pipelines and developer workflows, ensuring that security is embedded automatically rather than functioning as a barrier.

• Leverage AI extensively to accelerate coding, automate analyses that would typically require manual scrutiny, and create advanced tools that scale beyond what a small team could accomplish manually.

• Evaluate and enhance how we utilize available telemetry throughout our systems.

• Collaborate directly with engineering teams to promote secure development practices — not through setting standards and documentation, but by delivering tools and defaults that simplify the secure path.

• Investigate and respond to security findings as necessary, while prioritizing the development of systems that prevent and detect issues over manual interventions.

• Quickly adapt to shifting priorities — our team operates in an agile manner, and the challenges of tomorrow may differ from those of today.

⛳️ Requirements

• A minimum of 5 years of experience in software and/or platform engineering, with the capability to design, build, and maintain production-grade tools.

• Extensive experience in application security and vulnerability management — you possess a solid understanding of CVEs, dependency risks, container security, and SDLC integration, along with informed opinions on what requires attention and what is trivial.

• Practical experience with cloud infrastructure, preferably GCP/GKE or its equivalent, and the ability to adapt to our technology stack.

• A proven record of utilizing AI tools — such as coding assistants and LLMs — as an integral part of your development and analysis processes, rather than as an occasional convenience.

• A tendency towards automation — when faced with repetitive manual tasks, your instinct is to create a tool instead of a runbook.

• Comfort with ambiguity and a sense of ownership — you will frequently be the sole person addressing a problem, necessitating independent judgment calls on priority, approach, and scope without awaiting directions.

• Experience in shaping engineering culture regarding security, knowing how to engage developers without hindering their progress.

• Excellent written and verbal communication skills, including the ability to clearly convey our security posture to customers when necessary.

🏝️ Benefits

• A well-funded and established startup with lofty ambitions, offering a competitive salary along with pre-IPO equity packages.

• Unlimited paid time off (PTO).

• Carrot Cash travel stipend.

• On-demand access to co-working space via FlexDesk AND a work-from-home stipend.

• Inquire about our generous parental leave, which exceeds industry standards!

• An entrepreneurial culture where pushing boundaries and taking risks is a daily occurrence.

• Open lines of communication with management and company leadership.

• Small, dynamic teams leading to significant impact.

• 100% employer-covered medical, dental, and vision insurance for employees.

• Access to disability and life insurance.

• Health Reimbursement Account (HRA).

• DCA/FSA and access to a 401k plan.