Leads security engineering by owning the security roadmap, implementing defense-in-depth tactics like threat modeling and secure CI/CD, and spearheading incident response. Requires 8+ years in security engineering with expertise in cloud security and developer workflows.
Salary not listed
Hybrid8+ YOESecurity Engineering
About the role
Responsibilities
Own the security roadmap — craft and execute a strategic security engineering plan that aligns with CodeRabbit’s fast-paced engineering cadence.
Be Incident Commander — spearhead security incident response and recovery: triage, resolve, root cause, and turn those learnings into stronger systems.
Tools & automation — build or integrate security tooling (SAST, DAST, SIEM, EDR, monitoring) into the developer workflow without slowing delivery.
Embed security fluently — partner with engineering and product teams to bring secure practices early into planning and daily workflows.
Talent & culture — help to hire, coach, and mentor a scrappy, resilient security engineering team; elevate security awareness across the company.
Compliance & policy — establish security standards, frameworks, or processes that evolve as we scale—but remain lean and developer-friendly.
Qualifications
Battle-tested experience: 8+ years in security engineering, incident response, or correlated fields—bonus if you've led through a major production breach or targeted attack.
Technical depth: Extensive experience with security across software and infrastructure—threat modeling, pen testing, secure CI/CD pipelines, cloud security, incident response.
Strategic mindset: Ability to translate risk into actionables, communicate trade-offs with engineering/product leadership.
Praxis over theory: You’ve taken production systems down (intentionally or unintentionally) and built them back stronger.
Security in chaos: Experience in pressure situations—with clarity, direction, and calm.
Developer-centric approach: You can speak fluent dev-tools, empathize with fast-moving teams, and secure them without slowing them down.
Bonus Points
You’ve implemented DevSecOps tooling and orchestrated shift-left security in developer pipelines.
You’ve recovered from (or prevented) a critical security event, and turned that into an engineering culture improvement.
Experience in a dev-tools, SDK, or platform-heavy company.
Network Security Engineer designing, implementing, and operating secure hybrid/multi-cloud network architectures, next-gen firewalls, ZTNA/VPN, and automation (Terraform/Python) across enterprise, OT, and cloud environments (AWS/GCP). Requires 6+ years experience in network security, firewalls, cloud security, IaC, and compliance (NIST, ISO).
181k – 218k/yr
Hybrid6+ YOESecurity Engineering
Senior Software Engineer
SnowflakeBellevue, WA +1
Senior Software Engineer building Snowflake's core identity, access management, and AI-native security infrastructure for the Data Cloud. Design secure agent workflows, IAM systems, encryption, and policy enforcement tooling at massive scale.
Lead the Secure Frameworks Research team at Anthropic to build high-leverage security libraries and frameworks (cryptographic, serialization, authorization) that prevent vulnerabilities in AI model development. Manage engineers, drive adoption across teams, and balance security rigor with development velocity; requires 5+ years security/software engineering and 3+ years managing security teams.
405k – 485k/yr
Hybrid8+ YOESecurity Engineering
Founding Security Engineer
ForusNew York, NY
Founding Security Engineer owning cloud (AWS/GCP), product, AI data, detection/response, and compliance (HIPAA/SOC 2) for a healthcare AI platform handling PHI at scale. Requires 7+ years security engineering on strong SWE foundation, hands-on IaC, and multi-domain expertise.
Salary not listed
On-site7+ YOESecurity Engineering
Manager, Supply Chain Protection & Loss Intelligence
FlexportMiami, FL
Manager responsible for global supply chain protection, loss prevention, and physical security programs at Flexport. Oversees 50+ security officers, electronic systems (CCTV/access control), data-driven investigations, policy/SOP authoring, and new facility stand-up across offices and fulfillment centers.