Senior Security Engineer

About The Position

Requirements

• 4+ years experience in a security or development role
• Collaborating with teams to review designs & implementations for security issues and embedding good security practices across software development
• Triaging issues and reports, assisting teams to remedy items and testing fixes
• Working with external penetration test companies to validate and prioritize findings
• Conducting risk and vulnerability assessments of web applications and APIs and third party suppliers and integrations
• Configuring and tuning SAST, SCA and DAST Tooling
• Working with build/deployment pipelines to incorporate security tooling (Github Actions or Azure Devops YAML based pipelines)
• Assisting with implementing security focused alerting and detections and automations
• Conducting and facilitating organizational & developer focused security training
• Assisting with operational security items such as EDR alerts and MDM
• Contributing to our security roadmap
• Strong communication skills (spoken and written)
• Microsoft .NET/C#, JavaScript (React and EmberJS frameworks), and Python
• At least one cloud platform: Azure, AWS or GCP (Azure predominantly)
• Working knowledge of PowerShell or Bash and Python
• Working knowledge of at least one AI development tool e.g. Claude Code, GitHub Co-Pilot etc
• Portswigger Burp or similar

Nice To Haves

• Certifications such as Offsec OSCP & AWAE, GIAC, Burp Practitioner, PJPT, Microsoft/AWS development and cloud related
• Experience with securing AI applications, systems and AI tooling

Responsibilities

• Partner with different areas within Karbon to ensure security is embedded from the start, from feature design and development to participating in design reviews and threat modeling.
• Balance delivery needs with security, communicating security risks and issues to non-technical stakeholders, understanding when to push back, compromise, and work with delivery teams to reach a great outcome.
• Stay up-to-date on the latest technologies and approaches, including new developments in AI, while understanding the importance of foundational security practices like good account hygiene, least privilege, attack surface reduction, and MFA.
• Identify and assess security risks introduced by AI tools, reviewing the risks of AI tooling usage & integration and AI-generated code.
• Apply AI-assisted tooling to accelerate security work, utilizing it across areas such as triage, threat detection, code review, and documentation.
• Work effectively across multiple security domains, potentially assisting with refining and investigating corporate IT security processes, reviewing cloud-hosted systems, and tweaking detection rules.
• Work effectively as part of a team, building relationships and trust across the organization to enhance Karbon’s security posture, answering questions and offering advice to teams.
• Take pride in work, feeling a deep sense of responsibility for the products developed and ensuring customer data is secure.
• Contribute creativity, curiosity, and authenticity to strengthen the team.
• Contribute to Security Metrics to track progress and feedback into the roadmap.

Benefits

• Flexible Time Off with an encouraged 4 weeks use per year
• Company paid medical for you and eligible spouse/partner and dependents
• Paid dental and vision and eligible spouse/partner and dependents
• 401(k) with company matching
• Flexible Spending Account
• Up to 8 weeks paid parental leave
• Work-from-home stipend
• Work with (and learn from) an experienced, high-performing team
• A collaborative, team-oriented culture that embraces diversity, invests in development and provides consistent feedback
• Be part of a fast-growing company that firmly believes in promoting high performers from within