Security Engineer

About The Position

Requirements

• 4+ years of hands-on experience in security engineering with success across both infrastructure and application layers.
• Prior leadership experience in scaling tech companies or startups, ideally in roles that bridged strategy and execution.
• Ability to translate complex security concepts into clear language for both technical and non-technical audiences.
• Deep background in risk assessment, threat modeling, and vulnerability management.
• Practical experience with GCP, Azure, or AWS, combined with a strong understanding of infrastructure and API-level security.
• Familiarity with secure coding practices, especially in JavaScript/TypeScript, Go, and Node.js.
• Experience with modern security tooling and automating testing across build and deployment pipelines.

Responsibilities

• Design and Implement Security Frameworks: Drive the creation and execution of security measures across both infrastructure and application layers (Render.com, Vercel, GCP, Azure, Kubernetes), ensuring StackAI remains secure as we scale rapidly.
• Shape the Security Vision: Define and roll out a comprehensive security strategy, embedding best practices across engineering and product teams to safeguard data and systems.
• Build and Lead the Security Organization: Recruit, mentor, and manage a high-performing security team while fostering a culture of technical excellence and proactive defense.
• Integrate Security into Development: Partner with engineering teams to embed security into CI/CD pipelines and the entire software development lifecycle, making security a core part of how we build.
• Manage External Security Partnerships: Oversee relationships with penetration testing firms, compliance auditors, and security vendors to strengthen our defenses and maintain trust.
• Support Customer and Partner Trust: Work closely with customer-facing teams to clearly communicate StackAI’s security posture, compliance commitments, and incident response readiness.
• Harden Third-Party Dependencies: Evaluate and continually improve the security of external tools, APIs, and integrations critical to our platform.
• Lead Incident Response: Own the security incident response process, coordinating resolution efforts across teams and implementing long-term preventive measures.
• Ensure Compliance and Audit Readiness: Collaborate with operations and legal teams to prepare for audits (e.g., SOC 2, ISO 27001) and uphold top-tier standards for regulatory and vendor security.