Staff, Security Engineer

About The Position

Requirements

• 8+ years of software engineering experience designing, building, and operating production systems.
• 3+ years of recent experience in application security, product security, security engineering, or a related security discipline.
• Deep understanding of secure software development, modern application architectures, APIs, and cloud-native environments.
• Experience owning complex technical initiatives from problem definition through delivery, including working across multiple teams and stakeholders.
• Proven ability to influence technical direction, mentor engineers, and drive adoption of security best practices.
• Strong hands-on experience with security tooling, automation, vulnerability management, and security assessments.
• Excellent communication skills, strong technical judgment, and a continuous learning mindset.

Nice To Haves

• Experience securing Ruby on Rails, Node.js, JavaScript, GraphQL, or similar application ecosystems.
• Experience with AWS cloud security and cloud-native security controls.
• Experience with threat modeling methodologies such as STRIDE, PASTA, or similar frameworks.
• Experience with vulnerability management, application security posture management, or developer security tooling.
• Familiarity with GitHub, GitLab, Wiz, static analysis tools, secret scanning, or related security platforms.
• Experience conducting penetration testing, security research, or ethical hacking activities.
• Experience protecting healthcare, regulated, or sensitive customer data.

Responsibilities

• Lead the design and implementation of security solutions across Fullscript's applications, platforms, and AI-powered systems.
• Partner with engineering teams to embed security throughout the software development lifecycle, including architecture reviews, threat modeling, secure coding practices, and design reviews.
• Drive application security, product security, and vulnerability management initiatives from concept through implementation.
• Own complex security challenges that span multiple teams, balancing technical requirements, business priorities, and engineering constraints to deliver scalable solutions.
• Mentor engineers and security practitioners, raising the bar for secure software development and helping teams make sound security decisions.
• Influence technical strategy and security standards through hands-on engineering, technical leadership, and cross-functional collaboration.
• Stay ahead of emerging threats, security technologies, and AI-specific risks to help shape Fullscript's long-term security posture.

Benefits

• Remote-first flexibility
• Flexible PTO
• Competitive pay
• RRSP/401k match
• Stock options
• Premium benefits package with customizable coverage, paramedical services, and an HSA.
• Fullscript discounts
• Continuous learning opportunities