Tango is a company focused on helping businesses make smarter decisions through technology and data. They are seeking a Staff Security Engineer who will perform hands-on security work, partner with product and engineering teams to champion secure design, and build developer-first security tools.
Responsibilities:
- Perform hands-on security work across the stack: code reviews, threat modeling, vulnerability hunting, and remediation in production services
- Own end-to-end remediation for complex findings: from exploit proof-of-concept to code-level fixes and automated CI checks
- Build and maintain developer-first security tools, automation, and self-service capabilities (SAST rules, IaC scanning, dependency/OSS policies, CI/CD gates)
- Lead threat modeling sessions and secure design reviews for new product initiatives and platform changes
- Collaborate with SRE and Platform teams to harden runtimes, secrets management, identity, and authentication flows
- Mentor and coach engineers on secure coding, secure-by-default patterns, and incident learnings
- Contribute to security metrics and visibility (vulnerability backlog, mean time to remediate, coverage of automated tests)
Requirements:
- Applicants must be authorized to work in the U.S. for any employer
- We cannot sponsor employment-based visas at this time
- 10+ years of software engineering and application security experience (or equivalent), with deep hands-on polyglot coding experience across at least two major languages (e.g., Java, Python, Go, JavaScript/TypeScript, C#)
- Demonstrated ability to both find security issues (offensive skills) and implement fixes across app and infra codebases (defensive skills)
- Experience building developer-friendly AppSec programs and integrating security tooling into CI/CD pipelines
- Familiarity with cloud platforms (AWS, GCP, Azure) and container/Kubernetes security practices
- Strong communication skills and experience mentoring engineers across multiple teams
- Comfort with threat modeling, secure design patterns, PKI/identity flows, OAuth/OIDC, and authentication hardening
- Experience working at scale in B2B SaaS environments; prior experience at developer-focused security companies or engineering-forward startups is a plus
- Bachelor's degree in computer science or a related field
- Open-source security contributions, published tooling, or participation in security communities
- Experience with program-level security metrics, vulnerability triage frameworks, and compliance programs (e.g., SOC 2, FedRAMP context)