We’re growing our security team and looking for an engineer who can own a broad operational and technical scope - someone equally at home triaging an access request, running a security review, or building a custom testing framework. This role will report directly to the Head of Security, working closely to strengthen and scale our security posture across the organization.
Identity and access management - provisioning, lifecycle operations, and monitoring for critical changes
Security reviews across our product portfolio - threat modeling, code review, fuzzing, and functional testing
Day-to-day bug bounty operations - triage, remediation tracking, and escalation of high-severity findings
AI security research and tooling - adversarial testing frameworks for agent controls, with a focus on reusable patterns
Software supply chain monitoring - malicious package detection beyond standard CVE scanning
External penetration test coordination - scoping, logistics, and post-engagement remediation tracking
Compliance documentation and evidence gathering as requirements emerge
A software engineering background is essential - you've built production systems and that foundation shapes how you approach security
You've since moved into product security and are fluent in the full lifecycle: threat modeling, secure design review, whitebox code review, and vulnerability testing
Solid understanding of identity and access management concepts and tooling
Genuine interest in AI security with the ability to build adversarial testing tooling
A thoughtful approach to software supply chain risk beyond checkbox scanning
Strong written communication - documentation is a real part of this job
Comfortable with high ownership and working autonomously on a small team
Bachelor's degree in Computer Science, Computer Engineering, or a related technical field
5+ years of professional experience, with a meaningful portion in software engineering before transitioning into security
Proficiency in at least one systems or backend language (e.g. Rust preferred, Go, Python, C++) - you will be expected to write code, build tooling, and read production codebases as a routine part of this role
Demonstrated experience in product or application security - not solely infrastructure or compliance-focused roles
Track record of building security tooling or automation from scratch
Experience conducting or leading security reviews on production software systems
Hands-on experience with mobile device management (MDM) platforms and endpoint policy enforcement
Familiarity with enterprise IAM systems and SSO - configuration, integration, and audit
Experience with privileged access management (PAM) tooling and the operational patterns around it
Strong Linux administration skills - comfortable at the command line, understanding of kernel-level security primitives, and experience hardening Linux environments
Experience with multisig schemes - signing policy design, quorum configuration, or key management in a production context
Familiarity with hardware security modules (HSMs) - integration, key lifecycle management, or operational use
Exposure to trusted execution environments (TEEs) - understanding of attestation, confidential compute, or secure enclave design
