Senior Security Engineer

Beyond Finance, Chicago, IL
$140,000 - $165,000

About The Position

At Beyond Finance, we've made it our mission to help everyday Americans escape the endless cycle of crippling debt and step into a brighter financial future. Through compassionate, individualized care, a culture focused on compliance and ethics, supportive user-centric technology, and customized financial solutions, we've helped over 1 million clients on their path to a brighter future. While we're proud of what we've already accomplished, we're searching for new collaborators to help us get to the next level! If you're looking to join a forward-thinking, rapidly growing organization with helping people as its number one goal, we want to hear from you.

As a Senior Security Engineer, you'll harden the security posture of our AWS environment, our public-facing perimeter, and our software development pipeline. Cloud Security is the primary focus and Application Security is a secondary focus. You'll partner with DevOps, Engineering, and our Application Security Engineer to build preventative controls across infrastructure, identity, CI/CD, and applications. The work is hands-on: configuring tooling, writing and tuning detection and blocking rules, reviewing architecture, hardening pipelines, and supporting application security work where your range is needed.

Requirements

  • 5+ years of hands-on security engineering experience across cloud security and/or application security, with demonstrated depth in at least one.
  • Strong AWS security background, including IAM, networking, container orchestration (ECS, EKS, or Kubernetes), and logging and audit. Hands-on experience with a CSPM or CNAPP platform.
  • Hands-on experience operating a WAF in production, including writing and tuning rules, managing false positives, and responding when something gets through.
  • Experience securing CI/CD pipelines and Infrastructure as Code, with Terraform required.
  • Working knowledge of OWASP Top 10, secure code review, SAST/DAST/SCA tooling, and threat modeling.
  • Experience running or substantially contributing to a vulnerability management program.
  • Proficiency in at least one programming language used in modern application stacks, such as Python, Go, or Ruby.
  • Operates independently and drives projects without day-to-day oversight.

Nice To Haves

  • Experience with the tools we use day to day: Wiz, Cloudflare (WAF, Gateway, Zero Trust), GitHub Advanced Security, Spacelift, and AWS-native security services such as GuardDuty, Security Hub, Macie, and Inspector.
  • Container and orchestration security depth across Docker, Kubernetes, and ECS/EKS.
  • Familiarity with AI/ML security risks such as prompt injection, data poisoning, and model abuse, and the controls that mitigate them.
  • Experience with secrets management platforms such as AWS Secrets Manager, Keeper, and/or Infisical.
  • Identity security across human and non-human identities, including service accounts, API keys, and OIDC federation.
  • Experience in a PCI-regulated environment or financial services.
  • Familiarity with Ruby on Rails, Python, or Go.

Responsibilities

  • Operate and tune our WAF, including managed and custom rule sets, rate limiting, bot mitigation, and the day-to-day work of keeping false positives low.
  • Own cloud security posture across our AWS environment using a CSPM or CNAPP platform alongside AWS-native security services.
  • Reduce risk across IAM, network segmentation, ECS and container security, secrets management, and data exposure.
  • Establish secure defaults in our Infrastructure as Code through reusable modules, guardrails, and policy as code.
  • Harden CI/CD pipelines and the secrets that flow through them in partnership with DevOps.
  • Build controls the SOC can monitor and respond to, and document the runbooks for the systems you own.
  • Operate and tune SAST, SCA, and Secret Scanning tooling integrated with our source control.
  • Partner with our Application Security Engineer on code reviews and threat modeling across our Ruby on Rails, React Native, Python, and Go codebases.
  • Run our vulnerability management program across cloud and application findings: intake, prioritization, SLA tracking, and reporting.
  • Partner with engineering teams to drive remediation, advising on fixes and unblocking the work where you can.
  • Build automation that scales the program — pipelines for ingestion, deduplication, prioritization logic, and developer-facing workflows.
  • Contribute to our growing AI security program, including controls for AI-assisted development tooling, secure use of AI in our products, and emerging risks like prompt injection.

Benefits

  • Considerable employer contributions for health, dental, and vision programs
  • Generous PTO, paid holidays, and paid parental leave
  • 401(k) matching program
  • Merit advancement opportunities
  • Career development & training