Lead a team of security engineers scaling secure-by-design practices across application, infrastructure, offensive, and product security. Partner with engineering and risk leaders to reduce systemic risk and improve security posture of customer-facing products and cloud-native services.
191k – 264k/yr
Remote8+ YOESecurity Engineering
About the role
Responsibilities
Define and lead the Security Engineering roadmap across application security, infrastructure security, offensive security, and product security, aligning priorities with business objectives, engineering strategy, regulatory expectations, and risk posture.
Manage, coach, and develop a team of security engineers, ensuring clear goals, measurable impact, sustainable execution, effective operating rhythms, and growth opportunities.
Partner with Engineering, Product, Infrastructure, Data, Risk, Compliance, and Audit leaders to identify high-priority security risks, align on pragmatic mitigations, and embed security requirements early in planning, design, development, and operations.
Scale secure-by-design practices across the SDLC, including threat modeling, security architecture reviews, secure coding practices, automated security testing, vulnerability management, API security, CI/CD protections, secrets management, and developer security enablement.
Strengthen infrastructure and cloud security by partnering with Infrastructure and Platform teams on secure architecture, identity and access controls, Kubernetes and container security, cloud-native security controls, and defense-in-depth.
Build and mature offensive security capabilities, including attack surface management, adversarial testing, security validation, penetration testing coordination, bug bounty intake, and prioritization of findings.
Improve product security outcomes by partnering with Product and Engineering teams to identify abuse cases, security requirements, customer-impacting risks, and scalable controls for high-trust product experiences.
Drive consistent execution across cross-functional initiatives by setting priorities, clarifying ownership, communicating tradeoffs, and ensuring high-impact security work is delivered with quality and urgency.
Establish and improve Security Engineering metrics, operating models, and reporting to track risk posture, remediation progress, recurring patterns, program health, and security investment effectiveness.
Support response to high-severity security issues by coordinating technical investigation, stakeholder communication, root cause analysis, remediation tracking, and durable improvements.
Foster a culture where security enables innovation by building trusted partnerships, mentoring engineering leaders, and helping teams adopt practical controls that improve safety without unnecessary friction.
Requirements
8+ years of experience in security engineering, software engineering, infrastructure engineering, offensive security, product security, or related technical security roles.
3+ years of experience managing, leading, or formally developing security engineers or technical teams.
Experience leading security engineering programs in at least two of the following domains: application security, infrastructure security, offensive security, product security, cloud security, or secure SDLC.
Experience partnering with Engineering, Product, Infrastructure, Risk, Compliance, or Audit stakeholders to deliver cross-functional security initiatives.
Experience with modern application and infrastructure architectures, including APIs, web applications, cloud-native services, CI/CD pipelines, identity and access controls, and common vulnerability classes.
Experience defining roadmaps, priorities, metrics, and operating processes for security programs with cross-functional dependencies.
Nice-to-Haves
Experience building or scaling a security engineering function, including team operating models, roadmap planning, prioritization frameworks, metrics, and executive-level reporting.
Experience managing security work in a regulated environment, financial technology company, or organization with high security, privacy, or compliance requirements.
Knowledge of AWS, Kubernetes, containers, CI/CD security, infrastructure-as-code security, identity and access management, vulnerability management, API security, and modern application security testing practices.
Experience implementing or scaling security tooling such as SAST, DAST, SCA, IaC scanning, secrets detection, attack surface management, bug bounty intake, penetration testing workflows, vulnerability management platforms, or developer security guardrails.
Familiarity with security considerations for AI/ML systems, data-intensive applications, lending or financial technology platforms, or other high-trust customer-facing products.
Ability to communicate technical risk, tradeoffs, and recommendations clearly to technical, non-technical, and senior leadership audiences.
Experience partnering with Engineering, Product, Infrastructure, Legal, Risk, Compliance, and Audit teams to deliver security outcomes without creating unnecessary friction.
Security certifications such as CISSP, CSSLP, CCSP, AWS Security Specialty, GIAC, OSCP, or equivalent.
Lead and mature security engineering programs across enterprise security, security operations, and detection engineering. Manage a team of security professionals while building proactive controls, improving detection/response, and driving cross-functional risk reduction initiatives.
191k – 264k/yr
Remote8+ YOESecurity Engineering
Senior Security Engineer, AI Security
RedditUnited States
Senior Security Engineer responsible for threat modeling and securing Reddit's AI-powered products, LLMs, and agentic workflows. Build reusable security primitives, guardrails, scanners, and platform controls while partnering with AI product teams. Requires 5+ years in application/product security plus familiarity with LLM/agent risks.
191k – 267k/yr
Remote5+ YOESecurity Engineering
Senior Infrastructure Security Engineer
DropboxUnited States
Senior security engineer focused on securing AI/agentic infrastructure, LLM/RAG systems, identity for non-human workloads, and cloud/K8s platforms. Requires 9+ years experience and strong scripting skills.
190k – 290k/yr
Remote9+ YOESecurity Engineering
Security Engineer - Product
CardlessSan Francisco, CA
Lead product security for a fintech credit card infrastructure platform. Own API security, auth strategy, fraud primitives, secure SDLC, and compliance for partner-facing services. Hands-on engineering role reporting to Head of Engineering.
190k – 260k/yr
On-site7+ YOESecurity Engineering
Senior Application Security Engineer
ApolloUnited States
Senior individual contributor responsible for strengthening Apollo's secure software development lifecycle, performing application security reviews, threat modeling, vulnerability management, and AI security for product, platform, and AI-powered features.