Key skills
CloudJavaScriptKubernetesPythonRubyTypeScriptC#CAIIAMCI/CDRisk ManagementCloud Security
About this role
Role Overview
- Lead secure architecture reviews and threat modeling for new features, major changes, and sensitive workflows/integrations, translating outcomes into concrete mitigations teams can ship.
- Build and evolve secure “paved road” components—standards, defaults, and reusable frameworks—so the secure path is the easiest path.
- Integrate and tune automated controls in CI/CD to prevent vulnerabilities from reaching production.
- Improve developer experience by making security tooling and guardrails easy to use, and serve as a trusted security partner by providing practical guidance so teams can ship secure features faster and reduce repeat issues.
- Perform targeted code reviews and assessments on high-risk areas to proactively identify security issues.
- Continuously improve the processes for intake, prioritization, resolution, and recurrence prevention of vulnerabilities. Coordinate external penetration tests and vulnerability disclosure submissions.
- Partner with DevOps/platform teams to harden infrastructure and embed practical guardrails that reduce risk across cloud environments, IAM, Kubernetes, and deployment pipelines.
- Improve dependency and third-party risk management through scalable workflows that reduce exposure and speed response.
- Define lightweight, outcome-based metrics to focus effort on the highest-impact risk reductions.
- Implement AI-assisted security workflows to improve early detection, reduce noise, and accelerate remediation, with human verification.
- Support triage of infrequent security events impacting the product, and drive post-incident learnings into preventative controls.
Requirements
- 5+ years of experience in product security, application security, security engineering, or equivalent experience as a software engineer or architect with substantial security ownership.
- Hands-on software development experience and the ability to read and write production code in one or more languages (e.g., Python, C#, Ruby, JavaScript/TypeScript).
- Security certifications (e.g., OSCP, OSWE, cloud security certifications) are helpful but not required—demonstrated impact matters most.
Tech Stack
- Cloud
- JavaScript
- Kubernetes
- Python
- Ruby
- TypeScript
Benefits
- Health insurance
- Paid time off
- Professional development opportunities