Staff Security Engineer

About The Position

Requirements

• Builder Orientation: Comfort operating as an engineer first , you measure impact by what you ship and what teams adopt, not by tickets closed or alerts triaged.
• Problem-Solving: Ability to bring standardization to inconsistent internal practices and transition to industry best practices.
• Communication: Strong communication skills essential for partnering with engineering teams.
• Commitment: Demonstrated commitment to teamwork, professionalism, and authenticity, fostering trust and accountability.
• Grit: Understanding that establishing security best practices is a marathon requiring persistence across many stakeholders.
• Minimum of 10+ years of overall experience, with at least 5+ years dedicated to Application Security.
• Proven, hands-on experience designing and operating security controls in Google Cloud Platform at scale including IAM and Workload Identity Federation, VPC Service Controls, CMEK and Secret Manager, Binary Authorization, GKE hardening, and Security Command Center. Experience with AWS or Azure is a plus; GCP is the primary platform for this role.
• Deep, hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design.
• A builder first demonstrated experience designing and shipping reusable security primitives (Terraform modules, policy libraries, pipeline integrations) that engineering teams adopt, not just policies that exist on paper.
• Hands-on experience writing production-grade, secure-by-default Terraform for GCP deployments including org policies, IAM bindings, VPC configurations, and GKE cluster hardening. Experience with GKE workload identity, node pool security, and admission controller configuration.
• Ability to build maintainable components in Go or Python.
• Hands-on experience with Jenkins, Cloud Build, or CircleCI (bonus points for experience with reusable workflows).
• Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines.
• Bachelor's degree in Computer Science or equivalent practical experience.

Nice To Haves

• Experience with AWS or Azure is a plus; GCP is the primary platform for this role.
• Google Professional Cloud Security Engineer certification strongly preferred.
• CISSP, CCSP, or CKS (Certified Kubernetes Security Specialist) are a plus.
• bonus points for experience with reusable workflows.

Responsibilities

• Design and implement security primitives across GCP including org policy hierarchies, VPC Service Controls perimeter design, Workload Identity Federation, CMEK key management strategy, and Secret Manager governance ensuring secure-by-default infrastructure across all engineering teams.
• Define, document, and champion processes and practices for a secure Software Development Life Cycle (SDLC).
• Be a driving force in establishing a strong security culture within platform engineering teams.
• Lead Threat Modeling as a core principle for the Secure by Design strategy with particular focus on GCP-hosted, container-based, multi-tenant architectures. Design and enforce trust boundaries across GCP service and host project structures.
• Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments.
• Automate application security testing and controls, integrating them directly into the CI/CD pipelines.
• Own the deployment, operation, and tuning of security tools (SAST, DAST, IAST, and CSPM), with a focus on platforms like CodeQL and Wiz.io including deep integration with GCP Security Command Center (SCC) and Binary Authorization for container workload protection.
• Partner with engineering to effectively prioritize and remediate identified vulnerabilities.
• Own the software supply chain security program, including SCA tooling, Artifact Registry vulnerability scanning, and Binary Authorization policy enforcement across GCP. Coordinate with the Security Operations team on penetration testing scope and findings remediation.

Benefits

• Industry competitive compensation and equity plan
• Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
• Full medical coverage (Extended health care, dental, vision)
• Top-of-line equipment
• Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
• Events and activities both team-based and company wide that inspire, educate and cultivate