Lead Security Engineer

About The Position

Requirements

• 7+ years in security engineering, application security, cloud security, product security, platform security, or closely related technical security roles, ideally in a high-growth SaaS or technology company.
• Proven ability to lead broad security engineering initiatives as a senior IC, influence cross-functional technical decisions, and move work from strategy to production implementation.
• Strong working knowledge of secure SDLC practices, secure design review, threat modeling, API security, code scanning, SAST, CI/CD security integrations, security testing, defect management, and vulnerability remediation workflows.
• Hands-on experience with AWS-native security patterns and services, including IAM, KMS, CloudTrail, GuardDuty, Security Hub, VPC segmentation, WAF, Secrets Manager, S3/RDS encryption, infrastructure-as-code security, container orchestration security, and cloud posture management.
• Ability to guide secure system builds involving access control, encryption standards, key and certificate management, vaulting, secrets management, and managed HSM/KMS-backed cryptographic services.
• Experience hardening build, test, and deployment workflows through dependency scanning, SBOMs, artifact signing, secret scanning, CI/CD guardrails, least-privilege automation, and container security controls.
• Ability to use frameworks such as NIST CSF 2.0 and OWASP SAMM pragmatically to assess current state, sequence improvements, define metrics, and mature security practices iteratively.
• Clear communicator who can partner with engineering, product, platform, compliance, and business teams; write practical guidance; teach developers; and create durable security champions programs.
• Strong judgment in prioritizing technical risk reduction, managing ambiguity, documenting decisions, and building lightweight processes that scale with the company.

Nice To Haves

• Operated as a senior IC or technical lead for security engineering work, setting strategy while staying hands-on with design reviews, code, automation, tooling, and operational follow-through.
• Deep experience with secure SDLC practices, shift-left security, threat modeling, API security, SAST/code scanning, CI/CD security integrations, security QA, vulnerability management, and developer-friendly security UX.
• Comfortable partnering with Platform Engineering on IAM, KMS, CloudTrail, GuardDuty, Security Hub, VPC and network segmentation, WAF, Secrets Manager, RDS, S3, infrastructure-as-code security, container security, and continuous cloud posture management.
• Able to reason about access control, encryption standards, certificate management, vaulting, key management, HSM/KMS-backed cryptography, secure system builds, DDoS/WAF/network design, and detection engineering in a modern SaaS environment.
• Experienced improving dependency management, SBOM generation, artifact signing, secret scanning, third-party risk input, CI/CD hardening, and the security of build and release pipelines.
• Familiar with NIST CSF 2.0 as a practical maturity framework and able to use OWASP SAMM to shape application security and engineering maturity.
• Treat security as an engineering enablement function, building scalable guardrails, paved roads, documentation, training, security champions, and feedback loops that help teams move faster with less risk.
• Experience securing fintech, benefits, payroll, payments, or other regulated SaaS platforms that process PII, financial data, HRIS data, transaction data, or customer administrative workflows.
• Familiarity with SOC 2, HITRUST, PCI, or similar compliance and audit programs, with the ability to support evidence and control design while staying focused on technical risk reduction.
• Experience with AWS serverless and managed-service architectures, including API Gateway, Cognito, Lambda, ECS/EKS, RDS, S3, Transfer Family, CloudFront, and event-driven security monitoring patterns.
• Background with mobile application security for iOS and Android, including secure token handling, platform keychain/keystore patterns, OTA update risk, and mobile API abuse prevention.
• Experience with detection-as-code, SIEM/SOAR workflows, security data pipelines, incident response automation, or measurable improvements to alert quality and response readiness.
• Hands-on experience with Terraform, CloudFormation, CDK, policy-as-code, CSPM/CWPP tools, container image scanning, runtime security, or Kubernetes/ECS hardening.
• Experience designing developer education, secure coding workshops, security champions programs, or other scalable practices that improve security outcomes without slowing delivery.
• Experience defining practical governance for LLMs, AI coding assistants, prompt/data handling, model/tool approval, and sensitive data protection in AI-enabled software development workflows.

Responsibilities

• Build, operationalize, and scale security engineering practices.
• Protect the benefits platform and sensitive employee, benefits, and financial data.
• Work across application security, cloud security, security architecture, supply chain security, detection engineering, and vulnerability management.
• Balance security depth with speed and pragmatism.
• Act as a senior individual contributor and technical lead with broad influence across Engineering, Product, Platform, and Compliance.
• Partner with teams building web and mobile applications, backend services, system integrations, card and banking workflows, infrastructure as code, and data platforms.
• Turn risk reduction into scalable guardrails, automated controls, and clear engineering guidance.
• Set direction and mature security capabilities.
• Introduce strong standards and ship incremental improvements.
• Make secure paths the easiest paths for engineers.
• Define secure AI tooling usage, LLM and code-assistant governance, and data protection practices for AI-enabled development workflows.
• Balance ideal security outcomes with engineering velocity and business priorities.
• Make clear tradeoffs and prioritize risks for a growing startup.

Benefits

• 95% coverage of medical, dental, and vision
• $250 WFH setup (one time)
• $500/year Learning & Development Benefit
• $150/month cell phone + internet
• $100/month Wellness
• $100/month Co-working and Commuter Benefit
• Several team onsites a year
• Flexible PTO