Senior Embedded InfoSec Engineer

About The Position

Requirements

• Embedded Builder: You've been the security engineer on a product team, not just a reviewer at the gate. You write code, file PRs, and ship fixes yourself when it's the fastest path.
• AppSec at Consumer Scale: You've run or heavily contributed to an application security program inside a consumer product used by millions — you know the real tradeoffs between coverage, velocity, and risk.
• Offensive Hands-On: You can pen test, not just read pen test reports. You've found real bugs in real systems and shepherded them through to fix.
• Partner-Compliance Fluent: You've architected against partner security frameworks (or equivalents — SOC 2, PCI, vendor security reviews) and know how to translate requirements into real controls without theater.
• AI-Native: You aren't just curious about AI; you are burning through tokens, using coding agents daily, and thinking about how AI changes both how we build and what we have to defend.
• Scrappy & Scaled: You have the startup experience to build from zero with a nimble team, plus the big-tech exposure to know what breaks when a product hits massive scale.
• Action-Oriented: You thrive in ambiguity and prefer shipping controls over writing policy. You'd rather land a fix than run a meeting.

Responsibilities

• Embed directly with product squads — membership app, marketplace, data & identity — to threat-model, review, and harden features before they ship.
• Own the application security program end-to-end: secure SDLC, code review, dependency and supply-chain controls, and developer-facing security tooling.
• Run the pen testing program — hands-on offensive work plus coordination of external engagements — and turn findings into fixed issues, not tickets in a backlog.
• Architect the security controls and documentation that meet partner security requirements, so partnership deals close on our schedule.
• Set the security baseline for a zero-to-one, AI-native stack: coding agents, model and prompt security, and the new attack surface that comes with AI-native products.
• Write the playbook — standards, guardrails, and the "paved road" — so as the org scales, secure is the easy path.

Benefits

• Competitive Salary
• Generous Medical (Blue Cross Blue Shield), Dental, Vision and company-paid Life Insurance
• Company contributions to employee Health Savings Accounts (HSA)
• 401k Plan with Safe Harbor company-matching
• Flexible vacation policy and paid company holidays
• Company-provided technology package
• Relocation assistance where applicable, including travel and company-provided housing for the first 90 days