Staff Security Engineer

Posted 21 Days Ago
Hiring Remotely in United States
Remote or Hybrid
180K-220K Annually
Senior level
eCommerce • Fintech • Payments • Software
Order.co is a B2B Ecommerce Platform that simplifies purchasing.
The Role
The Staff Security Engineer will lead technical security initiatives, own architectural security decisions, mentor engineers, and align teams on security strategy while ensuring system integrity and compliance.

Order.co is the System of Action for the Office of the CFO, transforming the way businesses purchase and pay into an intuitive, B2C-like shopping experience. Order.co leverages embedded AI agents and embedded financial products to reinvent the way businesses connect with their vendors. 


End users enjoy a seamless, zero-training buying experience, while finance and procurement leaders gain a single platform to orchestrate how the business “should operate”. The result is an all-in-one solution that serves as a gravitational pull for spend and data, automating and eliminating procurement and finance workflows from requisition to reconciliation along the way.


Order.co is on the cutting edge of B2B Agentic Commerce, poised to be the market leader in creating a more predictive, prescriptive, and personalized experience for users. 


Founded in 2016 and headquartered in New York City, Order.co oversees nearly half a billion in annualized spend across hundreds of customers like WeWork, SoulCycle, Lume, and [solidcore]. Order.co has raised $75M in funding from industry-leading investors like MIT, Stage 2 Capital, Rally Ventures, 645 Ventures, and more. Order.co has been proudly named a 50 to Watch by Spend Matters and a Best Place to Work by BuiltIn and Inc. Magazine.


The Role

Own technical direction and execution of security initiatives that protect company data and improve systems security, driving impact across multiple teams or systems. At this level, your scope is cross-team. You set the security architecture others build against, lead complex initiatives, and develop senior engineers toward the next level.

Responsibilities
  • Own Platform team-level architectural security decisions; research, design and own security frameworks, evolution paths, and technical debt strategy while others build against your direction
  • Lead and contribute to large, complex security initiatives; decompose work, coordinate execution, and surface risks before they become incidents
  • Proactively detect and remediate security vulnerabilities with discernment, using AI tooling as an accelerant while applying rigorous judgment on correctness and risk
  • Champion security standards, testing patterns, and observability; drive improvements in security beyond your immediate team by embedding security in the software development lifecycle and infrastructure changes
  • Mentor senior engineers toward Staff-level behaviors; your impact compounds through the engineers you develop, not just the code you write
  • Align multiple teams on security strategy; translate business goals into secure system design and represent security strategy in organizational discussions
What We're Looking For
  • You measure success by the team's security posture and system health, not your own contributions alone
  • You self-direct technical improvement work beyond the product roadmap. You identify what needs to change and drive it without waiting to be asked
  • You develop others. Your presence makes engineers around you more effective and higher-scope
  • You've owned production systems at scale and made security trade-offs under real constraints
  • Proficiency in Ruby on Rails and PostgreSQL, including understanding the framework's security tools (Active Record encryption, CSP, sanitization, asynchronous background processing).
  • Hands-on security experience with AWS, infrastructure as code, and CI/CD at scale
  • Expert-level knowledge of network security, operating systems (Linux), and cloud platforms
  • Experience with NIST CSF and RMF, ISO27001, CIS, MITRE ATT&CK, CSA CCM, SOC2, GDPR frameworks
  • Strong track record with cloud security, API security, secure software development, threat modeling, identity and access management, network segmentation, vulnerability management, incident response, and compliance-driven security controls
Failure Modes We Screen Against

  • Shadow tech lead everywhere — takes over instead of enabling others.
  • Ivory tower architect — designs without accounting for implementation reality.
  • Invisible impact — does good work but doesn't communicate or scale it.
  • Super coder bottleneck — writes all critical code instead of growing others who can.

Interview Process

| Round | Format | What We Evaluate |
| --- | --- | --- |
| 1 — Hiring Manager Screen | 60 min, conversational | Career trajectory, mentorship philosophy, cross-team influence examples, communication style |
| 2 — Secure System Design Case Study | 60 min, live discussion | Cross-team scope, architecture trade-offs, technical debt strategy, AI-augmented design segment |
| 3 — Live Coding Exercise + AI Proficiency | 60 min, live coding | Navigating unfamiliar code, root-cause debugging, code quality judgment, AI tool usage |
| 4 — Team Interview | 2 × 45 min | Collaboration, engineering development, multi-team initiative narrative |
| 5 — Culture Add | 30 min, People Team | Organizational values alignment |


AI coding assistants are allowed in Rounds 2 and 3. We observe how you use them, not whether you use them.

What You’ll Receive
  • Competitive compensation including base salary, bonus, and equity
  • Employer-sponsored 401(k) with match
  • Comprehensive medical, dental, and vision coverage
  • Flexible time off and hybrid work environment

The anticipated annual salary range for this role is $180,000 - $220,000. Actual compensation and title will be commensurate with experience, qualifications, knowledge, and skills.

Skills Required

  • Proficiency in Ruby on Rails and PostgreSQL
  • Hands-on security experience with AWS, infrastructure as code, and CI/CD
  • Expert-level knowledge of network security and operating systems (Linux)
  • Experience with security frameworks like NIST, ISO27001, CIS, MITRE ATT&CK, etc.
  • Strong track record with cloud security and secure software development


Order.co Compensation & Benefits Highlights

  • Healthcare Strength Comprehensive medical, dental, and vision plans are explicitly listed on the careers page. Consistent third‑party listings describe healthcare coverage as a standard part of the package.
  • Parental & Family Support Generous parental leave from day one is highlighted, with childcare and fertility benefits also cited on employer profiles. This signals family-oriented policies available from the start.
  • Wellbeing & Lifestyle Benefits Work-from-anywhere flexibility, home‑office stipends, commuter benefits, and team events are emphasized. Memberships to Wellhub (Gympass) and Talkspace extend support for physical and mental health.


The Company
HQ: New York, NY
146 Employees
Year Founded: 2016


Why Work With Us

With our core values as our North star, Order.co and its team work tirelessly to foster an inclusive, psychologically safe environment where team members are empowered to do their best work. We pride ourselves on solving hard problems in order, with humility, and most importantly, together.


Order.co Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Team members at Order.co are empowered to make the best decision for themselves regarding where they work, whether from home, the office, or otherwise!

Typical time on-site: Flexible
HQ: New York, NY
