Senior Security Engineer

ngrok Inc.

1d•$215,280 - $286,000•Hybrid

About The Position

Security at ngrok is being built from the ground up, and this role is the foundation. ngrok sits at a uniquely sensitive position in the internet stack: traffic flows through us, and the developers and companies who rely on us trust us with that. As our first dedicated Security Engineer, you won't be inheriting a sprawling program or a backlog of someone else's decisions. You'll be defining how security works here — partnering closely with engineering, infrastructure, and leadership to build automated guardrails, opinionated defaults, and self-service tooling that scale with the team rather than slow it down. The threat landscape is shifting fast, and we want a security posture we're proud to stand behind.

Requirements

You've worked in a security engineering role where you shipped tooling, built automation, or owned security infrastructure — not just reviewed it
You have strong engineering fundamentals and are comfortable writing quality code in Go or Java, Rust, C, C++
You know how to integrate security checks into CI/CD pipelines without slowing teams down
You have hands-on experience with cloud security, particularly AWS (IAM, VPC, CloudTrail, GuardDuty)
You understand AI/ML security risks like prompt injection, insecure code generation, and LLM-assisted attack vectors

Nice To Haves

You've built internal security platforms or developer-facing security tooling
You've done detection engineering — writing detection rules, tuning signals, reducing alert fatigue
You've secured networking or developer infrastructure products

Responsibilities

Audit the current state of security tooling, pipeline coverage, cloud posture, and detection capabilities, and turn that into a prioritized security roadmap tied to ngrok's business objectives
Ship developer-facing security tooling: automated checks in CI/CD, secrets scanning, dependency vulnerability tracking, and secure-by-default libraries that make the right choice the easy choice
Run a structured risk assessment across product and infrastructure to document what we know, what we don't, and what needs to change
Establish guardrails for how we use AI in our engineering pipeline — policies and tooling that let us move fast without introducing new risk classes
Stand up baseline detection and response: log coverage, alerting, and a documented incident response process
Own the security engineering program end-to-end over time — clear ownership, documented controls, meaningful metrics, and an internal security platform (reusable libraries, self-service tooling, automation) that reduces the security burden on every engineer

Benefits

Full premiums covered on base healthcare, dental, and vision for you. Half covered for your dependents.
Mental health and well-being support included
401(k) with 100% match up to 3% of your salary and 50% match up to another 2%
Open, flexible vacation policy
Up to 16 weeks parental leave if you give birth
Up to 8 weeks parental leave for new parents (birth, adoption, fostering)
Annual professional development budget for books, courses, conferences, or whatever helps you level up
Annual home office/desk stipend
Co-working space stipend
Lunch 2x+ per week for employees onsite at our San Francisco office
Company offsites twice a year
Bi-annual reviews for feedback and compensation