Senior Security Engineer
About The Position
As a Senior Security Engineer, you will be a cornerstone of our security organization, responsible for architecting and scaling our defenses across Application Security, Cloud Infrastructure, and Security Operations (SecOps). We aren’t just looking for someone to run scanners; we want a forward-thinking engineer who views AI as a force multiplier. You will leverage cutting-edge tools like Claude Code, Cursor, and Codex to automate the mundane, accelerate vulnerability remediation, and build a "paved road" for our developers. To thrive in this role, you must be comfortable wearing multiple hats—from leading a threat modeling session for a new feature to fine-tuning our detection and response capabilities in the SOC. You are an advocate for "security as code" and believe that the best security programs are those that empower engineers rather than slowing them down. Please note that this opportunity is located in New York, NY, and requires this hire to work from our office four days a week.
Requirements
- The AI Edge: Proven experience or a deep curiosity in leveraging AI coding assistants (Claude Code, Cursor, etc.) and LLM frameworks to automate security workflows and write better code.
- Engineering Roots: A strong background in software development. You speak the language of developers and can contribute high-quality code to our internal security tooling.
- Cloud Fluency: Extensive experience securing AWS, GCP, or Azure (AWS preferred) and a "Security as Code" mindset using Terraform, Pulumi, or similar.
- AppSec Expertise: Deep understanding of the OWASP Top 10, memory safety, and modern authentication standards (OIDC, SAML, OAuth).
- Detection & Response: Experience with SOC operations, including log analysis (SIEM), incident response, and building automated alerts for suspicious infrastructure activity.
- The "Startup" Mindset: You excel in fast-paced environments. You prefer "building a tool to solve a problem" over "buying a tool to hide a problem."
Nice To Haves
- Certifications & Education: While we value skills over paper. However, certifications like OSCP, CISSP, or AWS Certified Security Specialty are a strong plus.
Responsibilities
- AI Innovation & Automation: Lead the integration of AI-assisted coding and security tools (e.g., Cursor, Kiro) to revolutionize how we perform code reviews, automate triage, and generate secure-by-default boilerplate.
- Security Architecture & Cloud: Partner with DevOps to harden our AWS/Cloud infrastructure. Use IaC (Terraform) to ensure our environment is "safe-by-default" and help manage our identity and access management (IAM) strategy.
- Full-Spectrum Vulnerability Management: Drive our AppSec program. You’ll oversee everything from SAST/SCA integration in the CI/CD pipeline to managing penetration tests results and remediation efforts.
- Modern SecOps: Help mature our Security Operations Center (SOC) functions. This includes improving our visibility, logging, and alerting strategies to ensure we can detect and respond to threats in real-time.
- Strategic Risk Management: Lead threat modeling (STRIDE/PASTA) and support compliance audits (SOC 2), ensuring that security is a business enabler rather than a checkbox.
- Mentor & Advocate: Be a security champion. Educate engineering teams on modern attack vectors and mentor junior members on how to use AI tools responsibly and effectively.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
