Key skills
Software EngineeringSecurity EngineeringApplication SecurityThreat DetectionPythonGoNode.jsLinuxKubernetesAWSGCPAzureSecurity MetricsTrainingSDLCCI/CDLeadershipCollaborationOWASPPenetration Testing
About this role
Kentik is the network intelligence platform for modern infrastructure teams, and they are seeking a Senior Software Security Engineer to lead and evolve their application and software security programs. This role is crucial in shaping the company's security posture and ensuring secure software delivery at scale through innovative security practices and collaboration with engineering teams.
Responsibilities:
- Continuously evolve Kentik’s secure SDLC strategy, defining security and privacy standards from design through deployment in partnership with key stakeholders
- Design and implement automated security guardrails in CI/CD pipelines to detect vulnerabilities, dependency risks, and misconfigurations in real time, enabling teams to move fast without sacrificing security
- Lead the analysis and resolution of complex, high-risk, or systemic vulnerabilities, partnering with engineers to design durable fixes and reusable security patterns
- Lead threat management automation capabilities by designing automated detections, response playbooks, and escalation paths
- Be part of security operations by responding to security alerts/incidents and continuously improving response effectiveness through automation and post-incident learnings
- Manage and evolve bug bounty and penetration testing programs in partnership with internal and external stakeholders
- Design, build, and maintain internal security tools, platforms, and frameworks used broadly across the engineering organization
- Act as a trusted security advisor to engineering and product teams, providing practical guidance during design reviews, architectural discussions, and roadmap planning
- Drive security adoption through collaboration rather than gatekeeping, helping teams make informed risk-based decisions
- Drive security and privacy awareness across the organization by delivering role-specific training, secure design guidance, and ongoing education
Requirements:
- 5+ years of experience in Software Engineering and/or Security Engineering, with demonstrated senior-level impact across multiple systems or teams
- Strong proficiency in at least one modern programming language (e.g., Python, Go, or Node.js), with an emphasis on building maintainable, production-quality systems and tooling
- Deep understanding of common application security vulnerabilities (e.g., OWASP Top 10), including root causes, exploitability, and real-world risk, and the ability to communicate these effectively to engineers
- Strong experience with Linux, containers/Kubernetes, and infrastructure as code in at least one major public cloud provider (AWS, GCP, or Azure)
- Experience leading threat detection and response efforts, including automation of detections and response playbooks
- Proven ability to work cross-functionally with engineering, product, and other stakeholders, influencing outcomes through collaboration and technical leadership
- Experience defining and tracking security metrics and building dashboards to measure program effectiveness
- Experience working in a remote environment
- Experience working in a pre-IPO startup environment