Security Engineer

Remote (United States)

Compensation

Annual Salary: $175,000 – $195,000 per year

Compensation is based on experience and may include above-market total compensation, multiple forms of equity, and additional benefits.

Employment Type: Full Time

Department: Engineering

About the Role

A Security Engineer is needed to support a broad mix of product security, application security, identity and access management, security reviews, bug bounty operations, AI security tooling, software supply chain monitoring, and security documentation. This role is well suited for an engineer with a strong software engineering background who has moved into product and application security.

This position requires someone who can work independently, write and review production code, build custom security tooling, evaluate security risks across product systems, and help strengthen security practices across a small, fast-moving technical team.

What You’ll Do

Identity and Access Management

• Manage identity and access operations, including provisioning, lifecycle operations, and monitoring for critical access changes.

Product and Application Security

• Conduct security reviews across the product portfolio.
• Perform threat modeling for product and application systems.
• Review production code for security issues.
• Perform fuzzing and functional security testing.
• Identify product and application security risks before they become broader issues.

Bug Bounty Operations

• Support day-to-day bug bounty operations.
• Triage reported vulnerabilities and security findings.
• Track remediation progress for confirmed findings.
• Escalate high-severity security issues when needed.

AI Security Research and Tooling

• Research AI security risks and build related security tooling.
• Develop adversarial testing frameworks for agent controls.
• Focus on reusable security testing patterns that can support future AI security work.

Software Supply Chain Security

• Monitor software supply chain risks.
• Identify malicious packages beyond standard CVE scanning.
• Evaluate software supply chain exposure with a thoughtful approach beyond checkbox-based scanning.

External Security Testing and Remediation

• Coordinate external penetration testing engagements.
• Support penetration test scoping and logistics.
• Track remediation after external testing engagements.

Compliance and Documentation

• Support compliance documentation as requirements emerge.
• Gather security evidence for compliance and internal documentation needs.
• Create clear written documentation as part of regular security work.

Qualifications

• Bachelor’s degree in Computer Science, Computer Engineering, or a related technical field.
• 5+ years of professional experience.
• Meaningful software engineering experience before transitioning into security.
• Production software engineering background with experience building real systems.
• Demonstrated experience in product security or application security.
• Experience across the product security lifecycle, including threat modeling, secure design review, white-box code review, and vulnerability testing.
• Proficiency in at least one systems or backend programming language, such as Rust, Go, C++, or Python.
• Ability to write code, build security tooling, and read production codebases as a routine part of the role.
• Track record of building security tooling or automation from scratch.
• Experience conducting or leading security reviews on production software systems.
• Solid understanding of identity and access management concepts and tooling.
• Genuine interest in AI security and the ability to build adversarial testing tools.
• Strong understanding of software supply chain risk beyond basic scanning.
• Strong written communication skills.
• Comfort working with high ownership and autonomy on a small team.
• Experience in Web3, crypto, or DeFi.

Nice to Have

• Hands-on experience with mobile device management platforms and endpoint policy enforcement.
• Familiarity with enterprise IAM systems and SSO, including configuration, integration, and audit.
• Experience with privileged access management tooling and related operational patterns.
• Strong Linux administration skills.
• Comfort working at the command line.
• Understanding of kernel-level security primitives.
• Experience hardening Linux environments.
• Experience with multisig schemes, including signing policy design, quorum configuration, or key management in production environments.
• Familiarity with hardware security modules, including integration, key lifecycle management, or operational use.
• Exposure to trusted execution environments, including attestation, confidential compute, or secure enclave design.

Benefits

• Above-market total compensation based on experience.
• Multiple forms of equity may be included.
• 100% employer-paid health benefits.
• All-expenses-paid team retreats and conferences.
• Weekly meal voucher.