Sr. Software Engineer, Security (Pipedream)

About The Position

Requirements

• 7+ years of experience in product security, application security, or software engineering with a security focus
• Hands-on experience with vulnerability management, threat modeling, and risk analysis
• Experience securing AWS or comparable cloud platforms at production scale
• Demonstrated experience in threat and vulnerability management, including identifying, assessing, and mitigating potential risks and weaknesses across a platform's security infrastructure.
• You have conducted vulnerability assessments, implemented security measures, and stayed current with the latest cybersecurity trends to keep systems protected.
• Solid understanding of application security, including protecting software applications from potential threats and vulnerabilities.
• You are comfortable identifying and mitigating security risks in application design and code, and you bring experience with security controls such as encryption and authentication.
• Proficiency in securing cloud infrastructure, with the ability to design, manage, and maintain cloud-based environments (AWS, GCP) at scale.
• You understand how to effectively secure and monitor cloud services in a production setting.
• Experience with security incident response, including a systematic approach to managing the aftermath of security breaches or attacks.
• You know how to identify and analyze security incidents, coordinate response activities, and develop strategies to prevent future incidents.
• Comfort reading and patching code across multiple languages — you do not need to know Pipedream's specific stack, but you are the kind of engineer who picks up new languages quickly and can operate effectively across a polyglot codebase.
• A history of building security programs that engineering teams actually adopt — not just policies on paper.
• You partner with engineers to ship secure code and balance priorities across highly visible projects involving multiple teams.

Nice To Haves

• Experience with compliance frameworks such as SOC 2 or HIPAA, including running audits end-to-end, is a plus.
• Offensive security background (vulnerability testing, penetration testing, red teaming) is a plus.
• Experience securing Kubernetes and Docker workloads in production is a plus.

Responsibilities

• Finding and patching vulnerabilities directly in code and dependencies. Pipedream runs a polyglot stack — TypeScript, Rust, Kotlin, Ruby, and more — so you will read and fix code across all of it.
• Building and maintaining the platform's threat model, and partnering with Product and Engineering to ship new features securely without slowing them down.
• Securing cloud infrastructure (AWS, GCP) and the third-party vendor surface (Redis, Datadog, and others).
• Leading incident response for critical security issues.
• Owning SOC 2, HIPAA, penetration tests, and other compliance work end-to-end.
• Partnering with Workday's security team to translate broader policy into something that fits Pipedream's stack and operations.

Benefits

• Workday Bonus Plan
• Annual refresh stock grants
• Comprehensive benefits