PlanetScale is a rapidly growing company reinventing the database space, seeking a Software Engineer: Information Security to enhance security across their cloud-native database platform. The role involves designing and implementing security controls, conducting security reviews, and collaborating with engineering teams to ensure robust security practices are embedded throughout the development lifecycle.
Responsibilities:
- You will design and implement security controls for PlanetScale's cloud-native database platform, protecting millions of queries per second for some of the world's largest applications
- You will collaborate with engineering teams to conduct security reviews and threat modeling, and provide secure coding guidance across our distributed systems
- A special focus for this role is on proactive red teaming and testing - you will consistently try to break into the PlanetScale platform as an attacker would, and help patch what you find
- You will evaluate, procure, and implement proactive security tools and technologies to strengthen our security posture
- You will work closely with our compliance team to ensure adherence to SOC 2, PCI DSS, and other security frameworks
- You will build security automation and tooling to scale security practices across the engineering organization
- You will respond to security incidents and conduct post-incident reviews to improve our security resilience
Requirements:
- 5+ years of software engineering experience with a focus on security engineering or application security
- Strong proficiency in Go, with experience in other languages like Python, Java, or C++
- Experience securing cloud-native applications and infrastructure (AWS, GCP, Azure)
- Knowledge of database security, encryption, and access controls
- Experience with security frameworks and compliance requirements (SOC 2, PCI DSS)
- Understanding of threat modeling, security architecture, and secure coding practices
- Experience with database internals, distributed systems security, or infrastructure security
- Background in security tool evaluation, implementation, and automation
- Experience with Kubernetes security, container security, and cloud security posture management
- Knowledge of security monitoring, incident response, and vulnerability management
- Previous experience at a high-growth technology company or in a security engineering role
- Relevant security certifications (CISSP, CISM, CEH, etc.)