Kentik, the network intelligence platform for modern infrastructure teams, is seeking a Senior Software Security Engineer to enhance its application and software security programs. This role involves evolving security strategies, managing vulnerabilities, and providing security guidance to ensure secure software development across the organization.
Responsibilities:
- Secure SDLC: Continuously evolve Kentik’s secure SDLC strategy, defining security and privacy standards from design through deployment in partnership with key stakeholders. Design and implement automated security guardrails in CI/CD pipelines to detect vulnerabilities, dependency risks, and misconfigurations in real time, enabling teams to move fast without sacrificing security.
- Vulnerability Management: Lead the analysis and resolution of complex, high-risk, or systemic vulnerabilities, partnering with engineers to design durable fixes and reusable security patterns. This also includes tooling selection, prioritization frameworks, remediation workflows, and developer guidance.
- Threat Detection & Response: Lead threat management automation capabilities by designing automated detections, response playbooks, and escalation paths. Be part of security operations by responding to security alerts/incidents and continuously improving response effectiveness through automation and post-incident learnings. Manage and evolve bug bounty and penetration testing programs in partnership with internal and external stakeholders.
- Internal Tooling & Framework: Design, build, and maintain internal security tools, platforms, and frameworks used broadly across the engineering organization. Focus on scalability, reliability, and developer experience while delivering capabilities such as automated scanning, validation, and security reporting and dashboards.
- Security Guidance and Enablement: Act as a trusted security advisor to engineering and product teams, providing practical guidance during design reviews, architectural discussions, and roadmap planning. Drive security adoption through collaboration rather than gatekeeping, helping teams make informed risk-based decisions.
- Training & Culture: Drive security and privacy awareness across the organization by delivering role-specific training, secure design guidance, and ongoing education. Help foster a culture where security is a shared responsibility embedded into everyday engineering practices.
Requirements:
- 5+ years of experience in Software Engineering and/or Security Engineering, with demonstrated senior-level impact across multiple systems or teams
- Strong proficiency in at least one modern programming language (e.g., Python, Go, or Node.js), with an emphasis on building maintainable, production-quality systems and tooling
- Deep understanding of common application security vulnerabilities (e.g., OWASP Top 10), including root causes, exploitability, and real-world risk, and the ability to communicate these effectively to engineers
- Strong experience with Linux, containers/Kubernetes, and infrastructure as code in at least one major public cloud provider (AWS, GCP, or Azure)
- Experience leading threat detection and response efforts, including automation of detections and response playbooks
- Proven ability to work cross-functionally with engineering, product, and other stakeholders, influencing outcomes through collaboration and technical leadership
- Experience defining and tracking security metrics and building dashboards to measure program effectiveness
- Experience working in a remote environment
- Experience working in a pre-IPO startup environment