Security Engineer

About The Position

Requirements

• 3+ years of experience in a software, security, infrastructure, or platform engineering role
• Strong coding ability, with experience building and maintaining tooling in languages such as Python or Go
• Experience automating workflows and integrating systems via APIs
• Working knowledge of cloud environments (ideally AWS), including how security and identity controls are implemented
• Interest in engineering solutions to security and compliance problems rather than managing them manually
• Comfort operating across both design and hands-on implementation, with an eagerness to grow into broader security engineering work over time
• Candidates must be eligible to access export-controlled technology, technical data, and/or controlled information, including information subject to the International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR), and/or U.S. government contract requirements, without additional U.S. government authorization, unless the company determines that any required authorization can be obtained.

Nice To Haves

• Experience building or automating tooling for security platforms—SIEM, IAM/IdP, vulnerability management, EDR, and cloud security tools
• Experience with compliance automation or GRC tooling (e.g., evidence collection, continuous control monitoring)
• Experience working in or automating for FedRAMP, SOC 2, ISO 27001, Texas RAMP, or CJIS-aligned environments
• Experience with Kubernetes debugging, operations, or automation
• Background supporting government, defense, or other highly regulated customers
• Obtaining FAA Part 107 certification within the first 60 days of employment is strongly encouraged for all Skydio employees and required for certain positions.

Responsibilities

• Design and build automation that operates and enforces security controls—integrating cloud, infrastructure, and identity systems so controls run, and where possible self-remediate, without manual intervention
• Build tooling and integrations across cloud APIs, identity providers (e.g., SCIM provisioning), vulnerability scanners, and ticketing systems into a coherent, automated system
• Automate how we collect, validate, and report compliance evidence continuously across our cloud and corporate environments
• Build dashboards and pipelines that give real-time visibility into control status, gaps, and audit readiness
• As part of Security and GRC, translate framework requirements into practical, testable, code-driven controls
• Improve how we monitor, prioritize, patch, and respond to vulnerabilities across our cloud footprint
• Over time, design and build internal security systems end to end (e.g., vulnerability risk management, web application firewalls), review RFCs, and partner with engineering teams on architecturally significant, security-relevant decisions
• Participate in the security team's on-call rotation

Benefits

• Competitive base salaries
• Equity in the form of stock options
• Comprehensive benefits packages
• Relocation assistance may also be provided for eligible roles
• Paid vacation time
• Sick leave
• Holiday pay
• 401K savings plan
• Group health insurance plans