Sr. Security Engineer

Raptive•New York, NY

2d•Remote

About The Position

Raptive is seeking a Sr. Security Engineer to join their Security team. This role is crucial for enhancing the security of the company's systems, applications, and infrastructure. The ideal candidate will be proficient in both application and infrastructure security, capable of mitigating risks without hindering development speed. The position involves owning and improving core security programs related to cloud infrastructure, Kubernetes, containers, CI/CD, code, and dependencies. Collaboration with engineering, SRE, and cross-functional teams is key to identifying risks, prioritizing remediation, enhancing security practices, and ensuring controls are repeatable, measurable, and auditable. This is a senior-level role requiring quick ramp-up, independent work, clear communication, and the ability to elevate security standards through hands-on engineering, practical advice, and strong partnerships.

Requirements

5+ years of hands-on experience in security engineering, application security, infrastructure security, DevSecOps, or similar roles.
Practical application security experience, including vulnerability management, code review, dependency risk, OWASP issues, authentication, and developer enablement.
Hands-on cloud and infrastructure security experience in environments AWS, GCP, OCI, or similar platforms, including identity, secrets, permissions, and access controls.
Kubernetes and container security experience, including RBAC, secrets, image scanning, and workload security.
Infrastructure-as-Code experience with Terraform or similar tools, including security review of modules and configurations.
Ability to build or improve security automation using Python, Go, shell scripting, or similar languages.
Understanding of AI security risks such as prompt injection, data leakage, unsafe tool use, excessive permissions, and generated-code risk.
Strong written and verbal communication skills.

Nice To Haves

Security certifications such as CCSP, AWS, or similar.
GRC experience with frameworks such as SOC 2, ISO 27001, NIST SP 800-53, NIST SP 800-171, or similar.
Detection and response experience for cloud, application, or platform incidents.
Experience securing AI-assisted development workflows, internal agents, or automation platforms.

Responsibilities

Own vulnerability management across code, cloud, containers, dependencies, Kubernetes, and internet-facing services.
Triage, validate, prioritize, and drive remediation for findings from tools such as GitHub Advanced Security, Wiz, container scanners, and cloud platforms.
Partner with SRE on Kubernetes, Infrastructure-as-Code, CI/CD, cloud posture, secrets, access, and production risk.
Improve application security by partnering with developers focusing on design review, code review, threat modeling, developer guidance, and repeatable remediation patterns.
Review AI-enabled workflows for data exposure, credential handling, tool permissions, prompt injection, automation, and production access risk.
Support SOC 2 compliance efforts by making controls repeatable, measurable, and evidence-ready.
Define security standards for AI-assisted engineering, internal tools, automation, and third-party platforms.