Senior Staff Security Engineer

About the Role:

As a Senior Staff Security Engineer, you will play a key role in building a security-minded culture within our software development lifecycle (SDLC). You’ll work with product engineering teams to provide security oversight, review code, and influence architectural decisions that allow us to meet enterprise-grade security expectations. In this role, technical expertise is essential, but equally important are collaboration, patience, and a strong sense of ownership. You won’t just identify issues—you'll be expected to go above and beyond by sometimes submitting pull requests (PRs) to fix security issues directly in other developers’ codebases. Your ability to communicate effectively, build trust, and drive results in a fast-paced environment will be key to success.

Key Responsibilities:

• Collaborate closely with product engineering teams to assess design and implementation risks and influence secure development practices.
• Conduct in-depth code reviews and security assessments, identifying issues and providing recommendations—and sometimes fixes—directly in codebases.
• Develop automation and tooling to embed security within our CI/CD pipelines.
• Lead the design and implementation of security features in the cloud infrastructure, particularly on AWS.
• Mentor junior engineers and foster security awareness across the company.
• Assist in building out detection and response capabilities, with a focus on reducing security risks and responding to threats in a timely manner.
• Contribute to the improvement of existing security tools and processes or build new ones where gaps exist.
• Participate in cross-functional collaboration with the cloud platform and DevOps teams to ensure the security of our infrastructure and cloud environments.
• Support regulatory compliance efforts (SOC2, ISO, etc.), ensuring security controls are met.

What We’re Looking For:

• 8+ years of experience in security engineering, with a focus on secure software development.
• Strong background in cloud security (AWS), including IAM, VPC, and security monitoring tools.
• A history of using cloud-native tools like Kubernetes to “shift left” in order to build security into the foundations of the develop/build/release process.
• Expertise in modern development practices and languages (e.g., Python, Java, Typescript).
• Experience building security into CI/CD pipelines (security as code, infrastructure as code).
• Experience automating security tasks using scripting languages (Python, Bash, etc.).
• Strong communication skills, especially in conveying security risks to non-security stakeholders, and the ability to navigate high-pressure environments.
• Proven ability to influence and drive security initiatives in an organization while fostering a culture of collaboration and mutual respect.
• Willingness to go beyond traditional responsibilities to help fix issues directly when needed.