Skip to content
FigmaFigmaSan Francisco, CA

Security Engineer

Security Engineer drives security improvements across Figma's AI, platform, product, and anti-abuse teams through assessments, tooling development, threat detection, and incident response. Requires 5+ years engineering experience, strong security judgment, and proficiency in a general-purpose language.

149k – 350k/yr
Remote5+ YOESecurity Engineering

About the role

Responsibilities

AI Security:

  • Perform technical security assessments, code audits, and design reviews for new AI infrastructure, platforms, and products.
  • Design and develop technical solutions to secure AI models, tooling, debugging workflows, and data pipelines.
  • Advocate for secure practices across Figma's AI infrastructure, platforms, and data systems.
  • Build internal AI-powered access insights and security tooling.
  • Help run penetration testing and offensive security exercises against AI infrastructure.

Platform Security:

  • Perform technical security assessments, code audits, and design reviews for cloud and corporate infrastructure changes.
  • Design and develop solutions to prevent or mitigate cloud and corporate security risks.
  • Advocate for secure practices within cloud and corporate infrastructure.
  • Build platforms and tooling to detect and respond to infrastructure and corporate security threats.

Product Security:

  • Perform technical security assessments, code audits, and design reviews for new product features.
  • Design and develop solutions to prevent or mitigate product security vulnerabilities.
  • Advocate for secure development practices across products and services.
  • Help run penetration testing, offensive security exercises, and support bug bounty program.
  • Help respond to product security incidents.

Anti-Abuse:

  • Design and build technical systems to prevent spam, fraud, and abuse.
  • Partner with product teams to identify and address potential abuse vectors.
  • Develop new signals and improve existing signals to detect abusive behavior.
  • Help respond to spam, fraud, and abuse incidents.

Requirements

  • 5+ years of proven engineering experience in Security Engineering or Software Engineering (with some security experience preferred).
  • Strong security judgment in threat modeling and risk prioritization and/or strong technical judgment in designing and building maintainable, scalable systems.
  • Proficiency in at least one general-purpose coding language.
  • Strong communication and interpersonal skills, with demonstrated experience collaborating across functions.

Nice-to-Haves

  • Subject matter expertise in Application Security, Cloud Security, Corporate Security, Data Access Governance, and/or IAM (Identity and Access Management).
  • Demonstrated ability to make hard prioritization decisions in security controls.

Skills

Threat ModelingCode AuditsDesign ReviewsPenetration TestingCloud SecurityIAMApplication SecurityPythonJavaScriptGo
Virta Health

Cloud Security Engineer

Virta HealthDenver, CO +1

Builds and matures cloud security program for GCP/Kubernetes platform, integrating security into development lifecycle, automating vulnerability management, and refining IAM/network controls. Requires hands-on experience with app sec, IaC (Terraform), and coding in Go/Python.

149k – 188k/yr
RemoteSecurity Engineering
Mercor

Software Engineer, Identity

MercorSan Francisco, CA

Build and scale Mercor's novel identity and access management infrastructure across thousands of Slack workspaces and HR systems for a 100k+ expert network. Requires strong product engineering, large-scale distributed systems experience, and security-minded design instincts.

150k – 325k/yr
On-site5+ YOESecurity Engineering
AKASA

IT Security Operations Engineer

AKASASan Francisco, CA

IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.

150k – 190k/yr
Hybrid4+ YOESecurity Engineering
Novig

Security Engineer

NovigNew York, NY

Build and maintain security automation pipelines, AI agents, SOAR/SIEM integrations, vulnerability management, and IAM systems for a sports prediction market platform.

150k – 200k/yr
On-site5+ YOESecurity Engineering
Fal

Governance, Risk & Compliance Engineer

FalSan Francisco, CA

GRC Engineer responsible for designing and improving governance, risk management, and compliance programs at a generative AI platform company. Manage certifications (SOC 2, ISO 27001, GDPR), lead risk assessments, support customer security reviews, and develop automation for cloud and AI infrastructure controls.

150k – 250k/yr
On-site5+ YOESecurity Engineering