Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform.
Ensure security is ingrained into the SDLC so that the secure path is the easy path for engineers with secure-by-default libraries, patterns, and guardrails.
Own authentication, authorization, API security, and data protection architecture for a multi-tenant SaaS platform.
Architect and maintain security tooling integrated into CI/CD pipelines: static analysis, dependency scanning, secrets detection.
Evaluate and mitigate risks specific to Fieldguide's AI Agents — prompt injection, data leakage through LLM contexts, unauthorized tool use, and unintended agent behaviors.
Partner with Agent and Platform teams to define security boundaries for agent execution: sandboxing, least-privilege tool access, and runtime policy enforcement.
Build and run Fieldguide's vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination.
Ensure visibility into vulnerability posture across application code, dependencies, and infrastructure.
Manage external penetration testing engagements, bug bounty programs, and coordinate remediation of findings.
Partner with infrastructure engineering to review and improve cloud security across our AWS environment: IAM, network architecture, secrets management, and logging.
Establish runbooks, communication protocols, and post-incident review practices in coordination with a 24/7 MDR team.
Collaborate with engineers on incident response processes and playbooks.
Partner with Compliance to ensure technical controls satisfy framework requirements (SOC 2, ISO 27001, ISO 42001, FedRAMP).
Requirements
8+ years in security with a primary background in application security, product security, or security-focused software engineering.
Track record of building or significantly maturing a security program, ideally at a growth-stage SaaS company.
Strong programming skills with demonstrated experience writing production software.
Familiarity with AWS security services and patterns: IAM, VPC, CloudTrail, KMS.
Experience with threat modeling methodologies and secure design review processes.
Experience managing external penetration tests and coordinating remediation.
Familiarity with AI/LLM security considerations and emerging risks in agentic AI systems is a plus.
Experience supporting compliance frameworks (SOC 2, ISO 27001, NIST, FedRAMP) from the technical controls side is a plus.
Tech Stack
AWS
Cloud
SDLC
Benefits
Competitive compensation packages with meaningful ownership