Software Engineer - Information Security

PlanetScale•San Francisco, CA

11h•Remote

About The Position

PlanetScale is a rapidly growing company that is reinventing the database space, offering PostgreSQL and Vitess clusters, with plans to introduce sharded PostgreSQL clusters. The company is seeking a Software Engineer: Information Security to join its team. This role is crucial for building security into every layer of PlanetScale's infrastructure, protecting millions of queries per second for large applications, while maintaining an exceptional developer experience. The position involves designing and implementing security controls for the cloud-native database platform, collaborating with engineering teams on security reviews, threat modeling, and secure coding guidance. A key focus will be proactive red teaming and testing to identify and patch vulnerabilities. The engineer will also evaluate, procure, and implement security tools, work with the compliance team for SOC 2 and PCI DSS adherence, build security automation, and respond to security incidents. PlanetScale is a profitable company focused on small teams of high-performing individuals, recognized as one of America's fastest-growing companies. The role is central to protecting a platform that powers world-class applications and ensuring security is fundamental to its architecture as it scales. PlanetScale is committed to building a diverse, equitable, and inclusive company, supporting employees to thrive regardless of location or background.

Requirements

5+ years of software engineering experience with a focus on security engineering or application security
Strong proficiency in Go, with experience in other languages like Python, Java, or C++
Experience securing cloud-native applications and infrastructure (AWS, GCP, Azure)
Knowledge of database security, encryption, and access controls
Experience with security frameworks and compliance requirements (SOC 2, PCI DSS)
Understanding of threat modeling, security architecture, and secure coding practices

Nice To Haves

Experience with database internals, distributed systems security, or infrastructure security
Background in security tool evaluation, implementation, and automation
Experience with Kubernetes security, container security, and cloud security posture management
Knowledge of security monitoring, incident response, and vulnerability management
Previous experience at a high-growth technology company or in a security engineering role
Relevant security certifications (CISSP, CISM, CEH, etc.)

Responsibilities

Design and implement security controls for PlanetScale's cloud-native database platform, protecting millions of queries per second for some of the world's largest applications.
Collaborate with engineering teams to conduct security reviews, threat modeling, and provide secure coding guidance across our distributed systems.
Consistently try to break into the PlanetScale platform as an attacker would, and help patch what you find (proactive red teaming and testing).
Evaluate, procure, and implement proactive security tools and technologies to strengthen our security posture.
Work closely with our compliance team to ensure adherence to SOC 2, PCI DSS, and other security frameworks.
Build security automation and tooling to scale security practices across the engineering organization.
Respond to security incidents and conduct post-incident reviews to improve our security resilience.