Senior Security Engineer

AgentSync•Denver, CO

7d•$155 - $170•Hybrid

About The Position

Our team is growing and seeks to hire a Senior Security Engineer to develop strategies and a creative approach to building a right-sized and effective cybersecurity program at a rapidly growing startup. You’ll be joining a passionate team of high-impact problem solvers—developers, engineers, and data scientists—where we enjoy the challenges of design, security, and scale. We are looking for a security practitioner who is also a builder. You will provide technical leadership for the security engineering team, acting not just as an advisor, but as a hands-on partner who helps our engineering organization ship secure code faster. Who You Are: A Technical Implementer: You don't just identify problems; you build the solutions. You are comfortable jumping into the console or the codebase to fix a vulnerability or automate a control. A Partner, Not a Blocker: You understand that security should enable the business, not stall it. You look for ways to say "Yes, and here is how we do it safely" rather than "No." A Collaborative Force: You are ready to help develop, grow, and guide a security team to focus on the right problems and the right solutions. Our Philosophy At AgentSync, we believe that interacting with our security team and security controls should feel delightful, straightforward, and easy to understand. To succeed in this role, you need: A solution-oriented attitude: You will leverage this to ‘right-size’ solutions that work for all stakeholders. Empathy for Engineering: The patience to fully understand our internal partner teams’ processes and goals to implement thoughtful security solutions. A Focus on Automation: The ability to build automation into security processes to reduce the security burden on our partner teams and support extremely rapid growth.

Requirements

Security First: 5+ years of experience working in a start-up or fast-paced environment, with a primary focus on applying security to modern cloud products and services.
Implementation Skills: Demonstrated ability to write code or scripts to automate security tasks (e.g., Python, Go, Bash) and hands-on experience with Infrastructure as Code (Terraform).
Cloud Fluency: Deep familiarity with public cloud providers, specifically AWS.
Tooling Expertise: Experience implementing and managing a modern security stack.
Technical Communication: Able to communicate complex technical ideas, risks, and threats to non-technical audiences and negotiate technical trade-offs with engineering partners.
Analytical Mindset: Excellent analytical and troubleshooting skills with the ability to dive deep into logs, code, or infrastructure configurations to identify threats.
Collaborative Spirit: Strong ability to work both independently and collaboratively across the organization to align security projects with business needs.

Nice To Haves

Familiarity with our specific tools is a great but its not required if you have comparable experience with other tools: Cloud Infrastructure: AWS, Wiz (CSPM) Application Security: GitHub Advanced Security, Wiz (SAST/SCA) Edge Protection: Cloudflare (WAF) Monitoring & Response: Splunk (SIEM) Identity: Okta

Responsibilities

Partner & Enable: Collaborate deeply with Engineering, DevOps and IT teams to understand their roadmaps and remove security blockers through engineering solutions.
Build & Implement: Leverage your technical expertise to design, build, and deploy security tooling and infrastructure. You won't just advise; you will implement.
Secure the Cloud: Investigate and assess existing AWS cloud infrastructures and implement enhancements to increase security posture.
Infrastructure as Code: Utilize Terraform and other automation tools to ensure security is baked into our environment from deployment.
AppSec Integration: Manage code security scanning (SAST & SCA) using Wiz and GitHub Advanced Security, working with developers to tune results and integrate fixes into their workflow.
Operational Security: Lead and support Security Incident Response, manage the process, and lead annual tabletop exercises and penetration testing.
Identity Management: Oversee and refine RBAC policies and identity governance using Okta.