Swiftly, Inc. is a leading transit data platform on a mission to help cities move more efficiently. They are seeking a Lead Security Engineer to enhance their security posture by partnering with engineering and product teams, designing secure solutions, and driving compliance initiatives.
Responsibilities:
- Own Swiftly's security risk register and threat models; identify, prioritize, and drive remediation of risks across application and infrastructure
- Design secure architectures for our SaaS platform, mobile applications, and IoT/hardware integration, focusing on authentication, authorization, data protection, and network boundaries
- Recommend, implement, and manage security tools end-to-end
- Build DevSecOps guardrails into CI/CD so vulnerabilities, misconfigurations, and license issues surface early
- Conduct internal security assessments and coordinate engagements with external penetration testers
- Own security policies and standards; ensure they're practical, adopted, and measurable
- Define standards for secure adoption of AI coding assistants, building reusable patterns, custom configurations, and guardrails that help developers move fast safely
- Lead renewals and continuous readiness for existing certifications like SOC 2
- Proactively identify security frameworks required for international expansion; scope cost, level of effort, and timelines to inform market entry decisions; and lead execution of new certifications
- Respond to customer security and compliance inquiries and support product marketing with security content
- Design and maintain security incident response plans, playbooks, and escalation paths
- Serve as an escalation point for security incidents; lead triage, root cause analysis, and remediation
- Define and maintain security KPIs and dashboards for executive and board reporting
- Give teams visibility into their security posture and coach them to improve
- Influence roadmap prioritization to ensure security and compliance are first-class concerns
- Mentor engineers in secure design and help grow a security-aware culture across Swiftly by delivering security training and office hours for developers and other stakeholders
- Drive corporate IT security strategy, including endpoint hardening, email security, IAM standards, and periodic access reviews
Requirements:
- 5+ years of experience in security engineering with both strategic and hands-on work
- Strong experience securing cloud-native environments (AWS preferred), including IAM, networking, logging/monitoring, and secrets management
- Hands-on experience with infrastructure-as-code (Terraform) and policy-as-code frameworks (OPA, Sentinel, or similar)
- Background building security into CI/CD pipelines and development workflows
- Familiarity with container and orchestration security
- Excellent threat modeling and risk assessment skills; able to translate complex risks into clear options and tradeoffs
- Experience with compliance frameworks (SOC 2 preferred) and audit processes
- Strong communication skills; comfortable working across technical and non-technical teams
- Self-directed and comfortable operating with autonomy
- Relevant certifications (CISSP, cloud security certifications)
- Experience advising on security for AI/ML or LLM-powered features
- Mobile application security experience (Android preferred)
- Experience with GRC and compliance platforms
- Background in application security or penetration testing
- Experience with international compliance frameworks
- Familiarity with regulated industries or public sector requirements
- Experience with physical device security (IoT, embedded systems, or field-deployed hardware)
- Experience with Mobile Device Management (MDM) solutions for enterprise or fleet deployments