Senior Security Engineer

As a Senior Security Engineer, you'll harden the security posture of our AWS environment, our public-facing perimeter, and our software development pipeline. Cloud Security is the primary focus and Application Security is a secondary focus.

You'll partner with DevOps, Engineering, and our Application Security Engineer to build preventative controls across infrastructure, identity, CI/CD, and applications. The work is hands-on: configuring tooling, writing and tuning detection and blocking rules, reviewing architecture, hardening pipelines, and supporting application security work where your range is needed.

• Operate and tune our WAF, including managed and custom rule sets, rate limiting, bot mitigation, and the day-to-day work of keeping false positives low.
• Own cloud security posture across our AWS environment using a CSPM or CNAPP platform alongside AWS-native security services.
• Reduce risk across IAM, network segmentation, ECS and container security, secrets management, and data exposure.
• Establish secure defaults in our Infrastructure as Code through reusable modules, guardrails, and policy as code.
• Harden CI/CD pipelines and the secrets that flow through them in partnership with DevOps.
• Build controls the SOC can monitor and respond to, and document the runbooks for the systems you own.

• Operate and tune SAST, SCA, and Secret Scanning tooling integrated with our source control.
• Partner with our Application Security Engineer on code reviews and threat modeling across our Ruby on Rails, React Native, Python, and Go codebases.
• Mobile App Security (iOS and Android)

• Run our vulnerability management program across cloud and application findings: intake, prioritization, SLA tracking, and reporting.
• Partner with engineering teams to drive remediation, advising on fixes and unblocking the work where you can.
• Build automation that scales the program — pipelines for ingestion, deduplication, prioritization logic, and developer-facing workflows.

• Contribute to our growing AI security program, including controls for AI-assisted development tooling, secure use of AI in our products, and emerging risks like prompt injection.

• 5+ years of hands-on security engineering experience across cloud security and/or application security, with demonstrated depth in at least one.
• Strong AWS security background, including IAM, networking, container orchestration (ECS, EKS, or Kubernetes), and logging and audit. Hands-on experience with a CSPM or CNAPP platform.
• Hands-on experience operating a WAF in production, including writing and tuning rules, managing false positives, and responding when something gets through.
• Experience securing CI/CD pipelines and Infrastructure as Code, with Terraform required.
• Working knowledge of OWASP Top 10, secure code review, SAST/DAST/SCA tooling, and threat modeling.
• Experience running or substantially contributing to a vulnerability management program.
• Proficiency in at least one programming language used in modern application stacks, such as Python, Go, or Ruby.
• Operates independently and drives projects without day-to-day oversight.

• Experience with the tools we use day to day: Wiz, Cloudflare (WAF, Gateway, Zero Trust), GitHub Advanced Security, Spacelift, and AWS-native security services such as GuardDuty, Security Hub, Macie, and Inspector.
• Container and orchestration security depth across Docker, Kubernetes, and ECS/EKS.
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, and model abuse, and the controls that mitigate them.
• Experience with secrets management platforms such as AWS Secrets Manager, Keeper, and/or Infisical.
• Identity security across human and non-human identities, including service accounts, API keys, and OIDC federation.
• Experience in a PCI-regulated environment or financial services.
• Familiarity with Ruby on Rails, Python, or Go.

#LI-LB2