Senior Security Engineer

GiveCampus

14h•Remote

About The Position

GiveCampus is the world's leading fundraising platform for non-profit educational institutions. Trusted by 1,300+ colleges, universities, and K-12 schools, our mission is to help advance the quality, the affordability, and the accessibility of education. We received a seed investment from Y Combinator in 2015 and have pursued a strategy of 'Sustainable Growth' ever since: achieving six consecutive years of profitability and positive cash-flow while more than quadrupling our revenue, our customer base, and our team. In 2022, we raised $50 million to accelerate the next stage of our growth. Through The GiveCampus Social Mobility Initiative, we've donated $1 million in free fundraising support for programs that help low-income students, first-generation students, and underrepresented minorities. And in 2022 and 2023, we were named to Y Combinator's Top Companies list and the Inc. 5000 list of America's fastest-growing private companies. While we operate at meaningful scale (we've facilitated more than $6 billion in charitable giving), we’re still small relative to the commercial and social good opportunities in front of us. Every GiveCampus employee has a substantial impact on our trajectory, and we're growing to help schools achieve even greater results. Our purpose-driven team of 120+ is located across the US: team members work from anywhere they choose. We have a beautiful 12,000 sf office in Washington, DC that is available for people to use whenever they want, and we regularly organize team meet-ups, events, and retreats in various locations. We're looking to expand our team with diverse and collaborative doers who believe in our mission and the transformative power of affordable, high-quality education. Location: This is a remote-first role based in the U.S. While we embrace flexible, distributed work, we also value in-person connection. Team members are expected to attend multiple company-wide and team-specific onsites throughout the year. We are looking for a brilliant and energetic Senior Security Engineer to join GiveCampus and help us take the platform to the next level. You will be a key member of our team, making technical decisions that will shape the company’s future. As a Senior Security Engineer, you will help lead security initiatives within the organization. You may be a good fit if you’re someone who loves to brainstorm, dive into security challenges, build safeguards, and have a big impact. We are headquartered in Washington, DC, but are hiring across the US.

Requirements

Bachelor’s degree in Computer Science, Cybersecurity or related, or equivalent work experience.
10+ years of hands-on experience in application security and/or infrastructure/cloud security, preferably covering both.
Strong practical experience securing applications (threat modelling, secure design, code review, pen testing) and cloud infrastructure (VPCs, compute/storage, IAM, networking).
Proven experience in AWS: securing AWS services such as EC2, Lambda, EKS, S3, RDS, VPC, IAM.
Experience with infrastructure-as-code (IaC) tools (Terraform, CloudFormation), security automation, and embedding security into deployment pipelines.
Deep understanding of networking/security fundamentals: TCP/IP, HTTP/S, DNS, routing, firewalls, segmentation, zero-trust, VPN/NAT, etc.
Strong scripting/automation skills in one or more languages (e.g., Python, Go, JavaScript/TypeScript) for building security tooling.
Excellent communication skills: capable of influencing across teams, conveying complex security topics to technical and non-technical stakeholders.

Nice To Haves

Security certifications such as CEH

Responsibilities

Lead secure design, architecture review, and threat modeling for applications: including web services, APIs, microservices, serverless, mobile, etc.
Lead secure design and review for infrastructure/cloud: AWS VPCs, subnets, security groups, routing, NAT, VPN, identity & access (IAM, roles, federated identities), compute/storage services (EC2, EKS, Lambda, S3, RDS), infrastructure-as-code (IaC).
Develop and apply application security controls: code review guidance, static/dynamic analysis, runtime monitoring, penetration testing, dependency management.
Develop and apply cloud infrastructure security controls: guardrails for IaC templates (Terraform/CloudFormation), drift detection, deployment pipelines, logging/monitoring (CloudTrail, Config, GuardDuty, VPC Flow Logs). Experience setting up AWS Security Hub is preferred.
Proficiency with Cloudflare configuration, rate limiting, and WAF/DDoS features.
Experience working with compliance monitoring tools such as Vanta.
Automate security workflows across both app and infra domains: build tooling, integrate into CI/CD, implement remediation pipelines, build detection and alerting around misconfigurations or suspicious behavior.
Collaborate closely with DevOps/SRE/CloudOps/Architecture teams to embed security early (shift-left) in both app and infra lifecycles.
Stay current on emerging threats, AWS service changes, application and infrastructure attack surfaces and propose enhancements to our security strategy.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume