# Staff Security Engineer

**Company:** [Order.co](https://hotfix.jobs/companies/orderco)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $180k – $220k/yr
**Experience:** 8+ years
**Skills:** Ruby on Rails, Postgres, AWS, Infrastructure As Code, CI/CD, Network Security, Linux, Cloud Security, Api Security, Threat Modeling, Identity And Access Management, Nist, ISO 27001, SOC 2, GDPR
**Posted:** 2026-05-26

> Staff-level security engineer owning cross-team security architecture, leading complex initiatives, and mentoring senior engineers. Requires deep expertise in Ruby on Rails, AWS, cloud security, compliance frameworks, and production systems at scale.

## Job Description

## Responsibilities
- Own Platform team-level architectural security decisions; research, design and own security frameworks, evolution paths, and technical debt strategy while others build against your direction
- Lead and contribute to large, complex security initiatives; decompose work, coordinate execution, and surface risks before they become incidents
- Proactively detect and remediate security vulnerabilities with discernment using AI tooling as an accelerant while applying rigorous judgment on correctness and risk
- Champion security standards, testing patterns, and observability; driving improvements in security beyond your immediate team by embedding security in the software development lifecycle and infrastructure changes
- Mentor senior engineers toward Staff-level behaviors; your impact compounds through the engineers you develop, not just the code you write
- Align multiple teams on security strategy; translate business goals into secure system design and represent security strategy in organizational discussions

## Requirements
- Proficiency in Ruby on Rails and PostgreSQL, including understanding the framework's security tools (Active Record encryption, CSP, sanitization, asynchronous background processing)
- Hands-on security experience with AWS, infrastructure as code, and CI/CD at scale
- Expert-level knowledge of network security, operating systems (Linux), and cloud platforms
- Experience with NIST, ISO27001, CIS MITRE ATT&CK, CSA CCM, SOC2, GDPR frameworks
- Strong track record with cloud security, API security, secure software development, threat modeling, identity and access management, network segmentation, vulnerability management, incident response, and compliance-driven security controls

## Nice-to-Haves
- You've owned production systems at scale and made security trade-offs under real constraints
- You self-direct technical improvement work beyond the product roadmap
- You develop others and make engineers around you more effective and higher-scope

## Similar roles

- [Member of Technical Staff, DevSecOps](https://hotfix.jobs/jobs/7481e105-881d-4971-988f-7590776a1a4f) - Vapi - San Francisco, CA - $180k – $280k/yr
- [Staff Product Security Engineer](https://hotfix.jobs/jobs/9df996cd-f7e2-42a0-89f2-ca7955b3655e) - Okta - San Francisco, CA - $180k – $248k/yr
- [Member of Technical Staff - Imagine Safety](https://hotfix.jobs/jobs/db3807de-87f6-4bc5-a3b9-1ed8b978c2ef) - xAI - Palo Alto, CA - $180k – $440k/yr
- [Member of Technical Staff, X Platform Security](https://hotfix.jobs/jobs/976e542c-fee6-442e-b916-0577378e4c64) - xAI - Palo Alto, CA - $180k – $340k/yr
- [Staff Software Engineer - IAM](https://hotfix.jobs/jobs/8798a3e7-1831-475e-bcf1-65eb8ac450e1) - Databricks - Bellevue, WA - $181k – $261k/yr

**Apply:** https://hotfix.jobs/jobs/a6d606fd-cc10-4d0f-94b9-7894969af192
**Canonical:** https://hotfix.jobs/jobs/a6d606fd-cc10-4d0f-94b9-7894969af192