Security Engineer

PostHog

32d

About The Position

We're shipping every product that companies need to run their business from their first day, to the day they IPO, and beyond. The operating system for folks who build software. We started with open-source product analytics, launched out of Y Combinator's W20 cohort. We've since shipped more than a dozen products, including: A built-in data warehouse, so users can query product and customer data together using custom SQL insights. A customer data platform, so they can send their data wherever they need with ease. PostHog AI, an AI-powered analyst that answers product questions, helps users find useful session recordings, and writes custom SQL queries. Next on the roadmap are CRM, Workflow, revenue analytics, and support products. When we say every product that companies need to run their business, we really mean it! We are: Product-led. More than 100,000 companies have installed PostHog, mostly driven by word-of-mouth. We have intensely strong product-market fit. Default alive. Revenue is growing 10% MoM on average, and we're very efficient. We raise money to push ambition and grow faster, not to keep the lights on. Well-funded. We've raised more than $100m from some of the world's top investors. We're set up for a long, ambitious journey. We're focused on building an awesome product for end users, hiring exceptional teammates, shipping fast, and being as weird as possible. We are looking for an expert security generalist to assist with all things security at PostHog. Someone equally adept (and interested!) in building secure libraries, writing semgrep rules, hardening cloud deployments, improving network observability, and leading incident response. PostHog is growing fast, and our attack surface is growing with it. We recently rolled out Wiz, and while it’s given us great visibility, it’s not enough. Currently, we have one security specialist and our infra engineers are spending part of their time on supporting him with security triage rather than building infrastructure. We need to fix that. We’re looking for someone to take the reins of our security operations, build out our detection pipelines, and ensure that when something goes bump in the night, we have the observability to know exactly what happened. This is a unique role as you’ll: Build from Scratch: You aren't maintaining someone else's legacy SIEM. You are shaping the security team, culture and tooling for a high-growth, open-source company. Zero Bureaucracy: We hate meetings. We don't have "Security Committees." You have the autonomy to make changes and move fast. Transparency: We work in the open. You’ll be able to see (and contribute to) how we handled past incidents, like this NPM package compromise. Direct Impact: Your work directly protects the data of thousands of customers. When you improve our security posture, the whole company (and our community) feels it.

Requirements

Cloud Native: You have 3-5+ years of experience in security engineering with a heavy focus on AWS. You know your way around IAM, VPC logs, and CloudTrail like the back of your hand.
Detection Specialist: You’ve used CSPM/CNAPP tools (like Wiz or Prisma) and, more importantly, you know how to build detection pipelines that engineers actually trust.
Battle-Tested: You’ve led incident response before. You’re calm under pressure and know how to coordinate across teams to contain a threat.
High Autonomy: We don’t have a security SOC. You’ll be building this function from scratch, so you need to be comfortable deciding what’s important and executing on it without a manual.
Engineering skills: You bring strong engineering experience and next to digging into code to understand an exploit or a vulnerability, you can write code with the same proficiency as our product engineers.
Communication and attitude: As mentioned before we don't do "Security says no", we do "Security says 'here is how to do this safely.” This is crucial for us, we need people that want to enable engineers and work with them, not limit them.

Responsibilities

Triage and Tune: You’ll own our Wiz alerts. You’ll be responsible for turning "noise" into "actionable findings" and ensuring we aren't just staring at a dashboard of issues that don't actually matter. We already get relatively few alerts, and we’d like to even further reduce that to just the ones that matter.
Incident detection, response: You’ll lead the charge on security incidents. Whether it’s a compromised NPM package or a suspicious IAM pattern, you’ll help coordinate the response and lead the post-mortem. You’ll also help build our IR runbooks.
Build Observability: You’ll build detection pipelines, and close our network-based observability gaps. We want to be able to trace network requests and suspicious activity all the way back to specific code paths.
Threat Hunting: You’ll proactively hunt for threats in our AWS environment. You won't just wait for an alert; you'll define what "good" looks like and build the telemetry to prove it.
The VDP: You’ll support our Vulnerability Disclosure Program, triaging reports from researchers and eventually transitioning us toward a formal bug bounty program.
Enable the Team: You’ll support our product squads with threat modeling and secure design reviews. We don't do "Security says no", we do "Security says 'here is how to do this safely.'"
Help build our security culture: Our engineers trust the security team and view security as an enabler. You’ll be a crucial part of helping to continue this excellent (and uncommon) working relationship.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume