Senior Security Engineer

About The RoleWe’re a rapidly scaling SaaS company and our security program is still early – which means you won’t just be “operating a playbook,” you’ll be helping write it. You’ll take ownership of key security initiatives end-to-end, working closely with engineering to secure our cloud-native platform and lift our overall security posture in a meaningful, measurable way. This is a high-impact role with plenty of autonomy, ideal for someone who enjoys building security from first principles in a modern, fast-moving environment.What You’ll DoBuild and run core security capabilities – Stand up and operate the foundations of our security stack: vulnerability management, patching, log aggregation/SIEM, cloud security monitoring, and alert triage.Own our security tooling – Select, deploy, configure, and fine-tune tools across scanners, WAF, CSPM/CNAPP, SIEM, and endpoint protection – and ensure they deliver actionable signal, not noise.Embed security into engineering workflows – Partner with product and platform engineers to make “secure by default” the easiest path. Help design guardrails that support, not slow down, developer productivity.Drive pragmatic vulnerability management – Triage and risk-assess vulnerabilities, shape remediation priorities with teams, and track progress so we’re focusing on what matters most.Level up detection & response – Create and maintain incident response runbooks, improve detection coverage over time, and help coordinate response when things go wrong.Continuously improve how we operate – Refine processes, automate wherever possible, and make sure our security practices scale as the company, product, and customer base grow.Who You AreSolid senior experience – Typically 5+ years in security engineering or SecOps, with hands-on, builder-style experience. Startup or scale-up background is a strong plus.Cloud security ownership – Demonstrated experience deploying and operating security controls in AWS.Depth in key security domainsComfortable taking the lead in at least one (ideally several) of:Vulnerability management programsCloud-native logging/SIEMSecure SDLC and pipeline integrationIncident detection and responseDeveloper-aware mindset – You think about the impact of controls on developer workflows and design solutions that engineers actually want to use.Clear, confident communication – Able to translate complex risks, constraints, and trade-offs into language that resonates with engineers, leadership, and non-technical stakeholders.Nice to HaveOSCP or similar offensive/security certificationsExperience preparing for SOC 2, ISO 27001, or PCI auditsIf you’ve ever thought, “I could build a much better security program than what I’m seeing right now,” this is your opportunity to actually do it.