Senior Security Engineer

About The Role

We’re a rapidly scaling SaaS company and our security program is still early - which means you won’t just be “operating a playbook,” you’ll be helping write it. You’ll take ownership of key security initiatives end-to-end, working closely with engineering to secure our cloud-native platform and lift our overall security posture in a meaningful, measurable way. This is a high-impact role with plenty of autonomy, ideal for someone who enjoys building security from first principles in a modern, fast-moving environment.

What You’ll Do

• Build and run core security capabilities - Stand up and operate the foundations of our security stack: vulnerability management, patching, log aggregation/SIEM, cloud security monitoring, and alert triage.
• Own our security tooling - Select, deploy, configure, and fine-tune tools across scanners, WAF, CSPM/CNAPP, SIEM, and endpoint protection - and ensure they deliver actionable signal, not noise.
• Embed security into engineering workflows - Partner with product and platform engineers to make “secure by default” the easiest path. Help design guardrails that support, not slow down, developer productivity.
• Drive pragmatic vulnerability management - Triage and risk-assess vulnerabilities, shape remediation priorities with teams, and track progress so we’re focusing on what matters most.
• Level up detection & response - Create and maintain incident response runbooks, improve detection coverage over time, and help coordinate response when things go wrong.
• Continuously improve how we operate - Refine processes, automate wherever possible, and make sure our security practices scale as the company, product, and customer base grow.
  
  

• Solid senior experience - Typically 5+ years in security engineering or SecOps, with hands-on, builder-style experience. Startup or scale-up background is a strong plus.
• Cloud security ownership - Demonstrated experience deploying and operating security controls in AWS.
• Depth in key security domains
  
  

• Vulnerability management programs
• Cloud-native logging/SIEM
• Secure SDLC and pipeline integration
• Incident detection and response
• Developer-aware mindset - You think about the impact of controls on developer workflows and design solutions that engineers actually want to use.
• Clear, confident communication - Able to translate complex risks, constraints, and trade-offs into language that resonates with engineers, leadership, and non-technical stakeholders.
  
  

• OSCP or similar offensive/security certifications
• Experience preparing for SOC 2, ISO 27001, or PCI audits