Algolia is a pioneer and market leader in AI Search, empowering businesses to deliver fast search experiences. They are seeking a Senior Information Security Engineer to enhance their Information Security posture and ensure the secure integration of security practices into their infrastructure and products.
Responsibilities:
- Design and automate controls, detection mechanisms, and tooling to improve the Information Security of Algolia’s infrastructure and products
- Research, evaluate, and recommend new Information Security technologies, techniques, and frameworks
- Design, implement, and maintain information security monitoring and remediation systems that move the needle in protecting Algolia’s customers’ data, and protecting Algolia’s systems and data
- Partner with engineering and product teams to integrate Information Security into new features, systems, and development pipelines
- Contribute to improving Information Security standards, processes, and best practices across the company
- Conduct Information Security risk assessments and threat models of core systems, services, and third-party vendors (this does not include answering customer third-party risk assessment questionnaires)
- Participate in and sometimes lead Information Security incident response activities and post-incident analysis
- Support ongoing and emerging Information Security and compliance initiatives (e.g., SOC 2 Type II, ISO 27001, C5, GDPR)
- Manage and enhance Algolia’s public bug bounty and vulnerability disclosure programs
Requirements:
- 3–6 years of experience in Information Security engineering, infrastructure protection, or related technical domains
- Strong understanding of Information Security principles for modern cloud environments (AWS, GCP, or Azure)
- Strong understanding of, comfort with, and at least three years of experience in operating, configuring, and managing log management / SIEM, threat detection and posture management, endpoint detection and response, SAST, SOAR, and other table-stakes information security systems
- Knowledge of common internet Information Security threats, attack vectors, and mitigation strategies
- Proficiency in scripting or automation with at least one language (Python, Bash, Go, or similar)
- Solid understanding of computer systems, networks, and low-level protocols from an Information Security perspective
- Experience in incident detection, response, and vulnerability management
- Excellent communication skills, with the ability to explain Information Security risks and concepts to both technical and non-technical audiences
- Full professional proficiency in English
- Experience scaling Information Security programs in high-growth SaaS organizations (10,000+ customers, $50–200M ARR range)
- Cloud-specific Information Security certifications or equivalent training (e.g., AWS Security Specialty, GCP Professional Security Engineer)
- Experience with complex secrets management systems such as HashiCorp Vault
- Experience contributing to Information Security communities, such as bug bounty triage, open-source security tools, or Capture the Flag events
- Background in privacy engineering, threat modeling, or secure software design