Founding Security Engineer

Promise•Oakland, CA

About The Position

Promise modernizes how government agencies and utilities support people in financial difficulty. We build technology that makes it simple for residents to receive benefits, engage with assistance programs, set up flexible payment plans, and stay on track—while helping agencies increase efficiency, recover revenue, and deliver services with dignity. Our mission is to transform public systems so they work better for everyone, especially the most vulnerable. Our team includes experts from companies like Palantir, Google, Stripe , and esteemed government leaders. We work hard and believe deeply in what we do. We're looking for excellent people to build innovative, resilient technology. Backed by over $50 million in funding from top investors – such as Reid Hoffman, Howard Schultz, Michael Seibel, Y Combinator, 8VC, The General Partnership, First Round Capital, Kapor Capital, XYZ Ventures, and Bronze Investments – Promise has been recognized as one of Fast Company's "World's Most Innovative Companies of 2022,” “Forbes Next Billion-Dollar Startups 2024,” and Y Combinator’s #1 GovTech startup. We’re hiring a Founding Security Engineer to be our first dedicated security generalist who can both set strategic direction and ship concrete improvements across our entire security surface area. Our security team orients around enabling Promise and its clients while guaranteeing a high standard of security. We look for ways to solve problems together with security as one of the key outcomes.

Requirements

5–8 years of experience, with meaningful time focusing on security.
Strong understanding of cloud security + networking (GCP preferred).
Comfortable reading code and shipping fixes; Python scripting strongly preferred.
Experience operating security tooling (endpoint/EDR, MDM, audit logging/alerting, CSPM).
Familiarity with GitHub, Terraform, and CI/CD security fundamentals.
Desire to enable innovation and development

Nice To Haves

WAFs / web app security controls
Threat modeling experience
Deep Kubernetes hardening/runtime experience

Responsibilities

Build and run detection: write, tune, and respond to Python-based rules to catch anomalous activity and improve signal-to-noise.
Partner with our Infrastructure team to secure GCP + cloud networking and improve Kubernetes security.
Strengthen application security and help make pragmatic upgrades (e.g., Next.js, dependencies).
Improve security through code + automation (guardrails, checks, remediation workflows).
Own vulnerability management end-to-end: identify, prioritize, and drive fixes to closure in coordination with codeowners
Help build a strong security culture through clear guidance, training, and partnership with engineers.
Develop technical and policy frameworks to guide ambitious and safe AI adoption company-wide.
Collaborate closely with engineering on secure product design and technical implementation.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume