Senior Security Engineer

About The Position

Requirements

• 5+ years of experience in security engineering, infrastructure engineering, or application security, ideally in a B2B SaaS or cloud‑native environment.
• Hands‑on experience with at least one major public cloud platform (e.g., GCP, AWS), including IAM, networking, logging/monitoring, and security services.
• Strong proficiency in at least one programming or scripting language (e.g., Python, Go, Java, or similar) and experience using code to automate security controls or detection.
• Direct experience with AI/LLM-specific security risks (prompt injection, model supply chain, etc.)
• Demonstrated knowledge of secure application and system design, including topics like authentication/authorization, encryption in transit and at rest, least‑privilege access, and secrets management.
• Experience with security tooling such as vulnerability scanners, SAST/DAST tools, SIEM/centralized logging, endpoint protection, or cloud security posture management.
• Solid understanding of common vulnerabilities and attack patterns (e.g., OWASP Top 10, misconfigurations, supply‑chain risks) and how to mitigate them in practice.
• Ability to work cross‑functionally with engineering, IT, and compliance/legal teams, and to translate security requirements into practical implementation details.
• Clear written and verbal communication skills, including the ability to document designs and decisions and to educate others on security best practices.
• A collaborative, pragmatic approach: you’re comfortable making risk‑based decisions, proposing options, and supporting teams in implementing secure, scalable solutions.

Responsibilities

• Design and implement security controls and tooling across Sift’s infrastructure and applications (e.g., IAM policies, network controls, secrets management, endpoint protections, container and workload security).
• Embed with product and platform teams to perform security design reviews, threat modeling, and code or configuration reviews for new features and services.
• Improve the secure SDLC by integrating AI-powered scanning tools, security scanning (SAST/DAST, dependency and container scanning) into CI/CD, and by developing guardrails, templates, and best practices for engineers.
• Own or co‑own vulnerability management workflows, from discovery and triage through remediation, including defining SLAs, coordinating with service owners, and tracking closure.
• Develop automation (scripts, services, integrations) to detect misconfigurations, anomalous activity, or policy violations, and to reduce manual operational work for the security team.
• Participate in security incident response (on‑call rotation or escalation), including investigation, containment, root cause analysis, and long‑term fixes.
• Contribute to security documentation and standards, ensuring we have clear, actionable guidance for engineers on topics like authentication, authorization, data encryption, and key management.
• Support audits and assessments (e.g., SOC 2, customer security questionnaires) by providing technical details and evidence of control design and effectiveness.
• Mentor other engineers on secure design and implementation practices through pairing, reviews, training sessions, and written guidance.