Sr. Security Engineer

What you'll do

• Own vulnerability management across code, cloud, containers, dependencies, Kubernetes, and internet-facing services
• Triage, validate, prioritize, and drive remediation for findings from tools such as GitHub Advanced Security, Wiz, container scanners, and cloud platforms
• Partner with SRE on Kubernetes, Infrastructure-as-Code, CI/CD, cloud posture, secrets, access, and production risk
• Improve application security by partnering with developers focusing on design review, code review, threat modeling, developer guidance, and repeatable remediation patterns
• Review AI-enabled workflows for data exposure, credential handling, tool permissions, prompt injection, automation, and production access risk
• Support SOC 2 compliance efforts by making controls repeatable, measurable, and evidence-ready
• Define security standards for AI-assisted engineering, internal tools, automation, and third-party platforms

Requirements

• 5+ years of hands-on experience in security engineering, application security, infrastructure security, DevSecOps, or similar roles
• Practical application security experience including vulnerability management, code review, dependency risk, OWASP issues, authentication, and developer enablement
• Hands-on cloud and infrastructure security experience in AWS, GCP, OCI or similar platforms including identity, secrets, permissions, and access controls
• Kubernetes and container security experience including RBAC, secrets, image scanning, and workload security
• Infrastructure-as-Code experience with Terraform or similar tools including security review of modules and configurations
• Ability to build or improve security automation using Python, Go, shell scripting, or similar languages
• Understanding of AI security risks such as prompt injection, data leakage, unsafe tool use, excessive permissions, and generated-code risk
• Strong written and verbal communication skills

Tech stack

Benefits