Security Engineer

Butterfly Security is an identity security and AI agent governance platform designed for enterprises with complex identity infrastructures. The Security Engineer contract role is responsible for designing, implementing, and maintaining security controls, assessing security postures, and conducting risk analyses to protect non-human identities and critical configurations.

Responsibilities:

• Designing, implementing, and maintaining security controls across identity, application, and network layers
• Assessing the security posture of identity providers and AI agents
• Conducting risk analyses and recommending improvements to protect non-human identities and critical configurations
• Reviewing and hardening security policies
• Integrating security tooling into CI/CD pipelines
• Performing threat modeling and vulnerability assessments
• Collaborating with engineering teams to remediate findings
• Refining monitoring rules, incident response procedures, and compliance checks against security frameworks
• Contributing to infrastructure-as-code and automation initiatives to ensure scalable, repeatable security practices

Requirements:

• Strong foundation in Security Engineering and Cybersecurity, including designing, implementing, and reviewing security architectures and controls
• Hands-on experience with Application Security, such as threat modeling, secure coding practices, code reviews, and vulnerability management for cloud-native and SaaS applications
• Proficiency in Network Security, including segmentation, secure protocols, firewall and VPN configuration, and monitoring for suspicious activity
• Background in Information Security, including risk assessment, security policies and standards, compliance frameworks (e.g., NIST, SOC 2, ISO 27001, CIS), and incident response
• Experience with identity and access management (IAM) concepts and tools (e.g., Okta, Entra ID, Auth0, PingOne, 1Password) and understanding of non-human identities and API security
• Familiarity with automation, scripting, or infrastructure-as-code (e.g., Terraform, CI/CD pipelines, CLI tools) to implement and maintain security controls at scale