Staff Security Engineer

This is a fully remote position, open to applicants in Texas.

📋 Description

• Oversee the design and execution of security solutions across Fullscript's applications, platforms, and AI-driven systems.

• Collaborate with engineering teams to integrate security measures throughout the software development lifecycle, which includes architecture evaluations, threat modeling, secure coding methodologies, and design assessments.

• Lead initiatives in application security, product security, and vulnerability management from inception to execution.

• Tackle intricate security challenges that involve multiple teams, balancing technical demands, business objectives, and engineering limitations to provide scalable solutions.

• Guide engineers and security professionals, elevating standards for secure software development and assisting teams in making informed security choices.

• Shape technical strategy and security protocols through practical engineering, technical leadership, and cross-departmental collaboration.

• Keep abreast of emerging threats, security technologies, and AI-specific vulnerabilities to influence Fullscript's long-term security framework.

⛳️ Requirements

• A minimum of 8 years of experience in software engineering, focusing on designing, building, and maintaining production systems.

• At least 3 years of recent experience in application security, product security, security engineering, or a comparable security field.

• Profound knowledge of secure software development practices, modern application architectures, APIs, and cloud-native environments.

• Proven experience leading complex technical projects from problem identification to delivery, including cross-team and stakeholder collaboration.

• Demonstrated capability to influence technical direction, mentor engineers, and promote the adoption of security best practices.

• Strong practical experience with security tools, automation, vulnerability management, and security evaluations.

• Exceptional communication abilities, sound technical judgment, and a commitment to continuous learning.

• Bonus if you have:

• Experience securing Ruby on Rails, Node.js, JavaScript, GraphQL, or similar application ecosystems.

• Familiarity with AWS cloud security and cloud-native security controls.

• Knowledge of threat modeling methodologies such as STRIDE, PASTA, or similar frameworks.

• Experience in vulnerability management, application security posture management, or developer security tooling.

• Familiarity with GitHub, GitLab, Wiz, static analysis tools, secret scanning, or other related security platforms.

• Experience conducting penetration testing, security research, or ethical hacking.

• Experience protecting healthcare, regulated, or sensitive customer data.

🏝️ Benefits

• Remote-first flexibility to work from your preferred location, with a preference for North America (Ottawa, Toronto, or Calgary) for this position.

• Flexible PTO and competitive compensation, because maintaining work-life balance is important.

• RRSP/401k matching and stock options to help you invest in your future.

• Comprehensive benefits package with customizable coverage, paramedical services, and an HSA.

• Discounts on premium Fullscript wellness products.

• Ongoing learning opportunities to enhance your skills and advance your career.