Senior Security Engineer, Proactive Security

About The Position

Requirements

• 4+ years of non-internship background in troubleshooting systems issues, analyzing logs, or automating complex tasks using command line tools experience
• 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
• 4+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
• Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go
• Experience working in identifying security issues and risks, and developing mitigation plans
• Experience as a mentor, tech lead or leading an engineering team

Nice To Haves

• Experience applying threat modeling or other risk identification techniques or equivalent
• Experience with security in service-oriented architectures/microservices and web services

Responsibilities

• Lead end-to-end security reviews for complex, high-priority services including design reviews, threat modeling, and penetration testing scoping and readout
• Serve as a subject matter expert for assigned affinity teams, providing architectural guidance and security consultation to service teams throughout the development lifecycle
• Independently perform and guide threat modeling exercises for complex distributed systems, identifying risks and recommending mitigations
• Conduct targeted manual code reviews of security-critical components, identifying vulnerabilities and insecure patterns that automated tools miss
• Scope, coordinate, and oversee penetration testing engagements; analyze results and drive remediation with service teams
• Identify, document, and track security findings to resolution; escalate critical issues to leadership when appropriate
• Mentor junior engineers, contribute to team processes and tooling improvements, and raise the security bar across the organization
• Design and build security automation, tooling, and processes that improve operational efficiency and scale the team's impact
• Leverage generative AI and machine learning to build intelligent security automations that streamline review workflows, enhance vulnerability detection, and reduce manual toil
• Partner with service teams to improve security posture proactively, including developing self-service guidance, documentation, and readiness frameworks
• Define and track security metrics that measure risk reduction, operational efficiency, and builder experience improvements

Benefits

• sign-on payments
• restricted stock units (RSUs)
• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave