# Lead Security Engineer

**Company:** [CodeRabbit](https://hotfix.jobs/companies/coderabbit)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Experience:** 8+ years
**Skills:** Threat Modeling, Pen Testing, CI/CD, Cloud Security, Incident Response, SAST, DAST, SIEM, Edr, DevSecOps
**Posted:** 2026-01-07

> Leads security engineering by owning the security roadmap, implementing defense-in-depth tactics like threat modeling and secure CI/CD, and spearheading incident response. Requires 8+ years in security engineering with expertise in cloud security and developer workflows.

## Job Description

## Responsibilities
- Own the security roadmap — craft and execute a strategic security engineering plan that aligns with CodeRabbit’s fast-paced engineering cadence.
- Boost resilience — champion defense-in-depth tactics: threat modeling, secure design reviews, hardening, CI/CD integration.
- Be Incident Commander — spearhead security incident response and recovery: triage, resolve, root cause, and turn those learnings into stronger systems.
- Tools & automation — build or integrate security tooling (SAST, DAST, SIEM, EDR, monitoring) into the developer workflow without slowing delivery.
- Embed security fluently — partner with engineering and product teams to bring secure practices early into planning and daily workflows.
- Talent & culture — help to hire, coach, and mentor a scrappy, resilient security engineering team; elevate security awareness across the company.
- Compliance & policy — establish security standards, frameworks, or processes that evolve as we scale—but remain lean and developer-friendly.

## Qualifications
- Battle-tested experience: 8+ years in security engineering, incident response, or correlated fields—bonus if you've led through a major production breach or targeted attack.
- Technical depth: Extensive experience with security across software and infrastructure—**threat modeling**, pen testing, secure CI/CD pipelines, cloud security, incident response.
- Strategic mindset: Ability to translate risk into actionables, communicate trade-offs with engineering/product leadership.
- Praxis over theory: You’ve taken production systems down (intentionally or unintentionally) and built them back stronger.
- Security in chaos: Experience in pressure situations—with clarity, direction, and calm.
- Developer-centric approach: You can speak fluent dev-tools, empathize with fast-moving teams, and secure them without slowing them down.

## Bonus Points
- You’ve implemented **DevSecOps** tooling and orchestrated shift-left security in developer pipelines.
- You’ve recovered from (or prevented) a critical security event, and turned that into an engineering culture improvement.
- Experience in a dev-tools, SDK, or platform-heavy company.
- Hacker mindset + operational discipline - pentests, disaster recovery, threat hunting, tooling, cloud environments.
- Certifications like **CISSP**, **CISM**, **CEH**, or relevant cloud security certs.

## Similar roles

- [Network Security Engineer](https://hotfix.jobs/jobs/39366c71-c790-48b1-9a61-d52f71b06aed) - Zoox - Foster City, CA - $181k – $218k/yr
- [Senior Software Engineer](https://hotfix.jobs/jobs/2ad28874-4486-42ff-949a-ec54985c2762) - Snowflake - Bellevue, WA - $200k – $288k/yr
- [Software Security Engineering Manager, Secure Frameworks](https://hotfix.jobs/jobs/26e1ecde-76c2-491f-951c-78e9c075c076) - Anthropic - San Francisco, CA - $405k – $485k/yr
- [Founding Security Engineer](https://hotfix.jobs/jobs/6deb6526-e0c3-42a9-9c29-360c4354d869) - Forus - New York, NY
- [Manager, Supply Chain Protection & Loss Intelligence](https://hotfix.jobs/jobs/9e3a84ce-58cf-480f-bf1d-6fefa2cf89bf) - Flexport - Miami, FL

**Apply:** https://hotfix.jobs/jobs/1a19f620-d42c-4d22-baa3-5685a496f37d
**Canonical:** https://hotfix.jobs/jobs/1a19f620-d42c-4d22-baa3-5685a496f37d