Full Stack Security Engineer embedding with engineering teams to secure Runpod's AI cloud platform. Lead threat modeling, fix vulnerabilities by writing code in Python/Go/TS, implement DevSecOps pipelines, and champion security across web apps, APIs, and microservices.
152k – 175k/yr
Remote5+ YOESecurity Engineering
About the role
Responsibilities
Lead threat modeling, architecture reviews, and code reviews for web applications, APIs, and microservices.
Actively develop and commit code to fix security flaws in Python, Go, or JavaScript/TypeScript codebases.
Implement, tune, and manage security testing tools (SAST, DAST, SCA) within CI/CD pipelines.
Configure and manage application-layer security controls including WAF, bot protection, and API gateways.
Provide security guidance, secure coding training, and standard operating procedures to development teams.
Collaborate on product-level compliance with SOC 2, ISO 27001, GDPR and participate in bug bounty triage.
Requirements
5+ years of experience in application security, product security, or as a software engineer with heavy security focus.
Strong programming and code-review skills in Python, Go, JavaScript/TypeScript or similar.
Deep understanding of web application vulnerabilities (OWASP Top 10), API security (REST/GraphQL), and authentication (OAuth, OIDC, JWT).
Hands-on experience with offensive web security testing tools (Burp Suite, ZAP).
Experience building and maintaining automated security pipelines (DevSecOps).
Ability to translate complex security risks into actionable engineering tasks.
Nice-to-Haves
Relevant certifications (OSWE, GWAPT, CISSP).
Experience securing cloud-native applications on Kubernetes/Docker.
Background managing bug bounty programs or coordinated vulnerability disclosures.
Compensation & Benefits
Base pay: $152,000 - $175,000 (may vary by experience, qualifications, and location).
Meaningful equity (stock options for all team members).
Generous medical, dental & vision plans.
Flexible PTO.
$1,200 home office & equipment stipend.
Remote-first with Slack-based collaboration.
Skills
Application SecurityPythonGoJavaScriptTypeScriptOwasp Top 10Api SecurityOAuthOIDCJwtBurp SuiteZapSASTDASTSca
Systems-focused Cloud Infrastructure Security Engineer responsible for securing Runpod's multitenant GPU bare-metal and virtualized environments. Requires 5+ years in infrastructure security, deep Linux kernel and virtualization expertise (KVM/QEMU), and low-level programming (C/Go/Rust) to prevent breakouts and harden against threats.
152k – 175k/yr
Remote5+ YOESecurity Engineering
Manager, Product Security
ChimeSan Francisco, CA
Leads a team securing cloud infrastructure, sensitive data, and AI systems in products. Influences engineering roadmaps, embeds security in designs, and manages AI risks like prompt injection and data leakage. Requires 5+ years security engineering and 2+ years leading engineers.
152k – 210k/yr
Hybrid5+ YOESecurity Engineering
Threat Intelligence Researcher (Cloud)
WizNew York, NY
Track, analyze, and attribute advanced state-backed and financially motivated threat actors targeting cloud environments. Requires 5+ years in threat research with expertise in malware, infrastructure tracking, and large-scale telemetry analysis.
151k – 208k/yr
Remote5+ YOESecurity Engineering
Software Engineer, Identity
MercorSan Francisco, CA
Build and scale Mercor's novel identity and access management infrastructure across thousands of Slack workspaces and HR systems for a 100k+ expert network. Requires strong product engineering, large-scale distributed systems experience, and security-minded design instincts.
150k – 325k/yr
On-site5+ YOESecurity Engineering
IT Security Operations Engineer
AKASASan Francisco, CA
IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.