Skip to content
StediStediUnited States

Security Engineer

Security Engineer enhances AWS serverless infrastructure security, develops playbooks, improves compliance with SOC/HIPAA/HITRUST, and collaborates on secure CI/CD and app design. Requires 4+ years AWS experience and TypeScript proficiency.

Salary not listed
Remote4+ YOESecurity Engineering

About the role

Responsibilities

  • Develop playbooks and address security-related tasks in AWS serverless environments.
  • Drive improvements in broader security posture, including application security, endpoint security, access management/just-in-time access, email and web gateways, browser security, and data loss prevention.
  • Collaborate with product engineering teams to raise security standards, supporting CI/CD pipelines, dependency management, and secure application design reviews.
  • Secure and improve AWS organization using infrastructure as code (CDK), enforcing security controls, and ensuring strong tenant isolation.
  • Continuously assess vulnerabilities and perform regular risk assessments.

Requirements

  • 4+ years of experience in engineering, working as a security engineer or in security-adjacent roles.
  • Familiarity with compliance frameworks such as SOC, HIPAA, and/or HITRUST.
  • 4+ years working with AWS services, including compliance and governance services like AWS Organizations, AWS CloudTrail, AWS Config, Security Hub, and GuardDuty.
  • Proficiency in TypeScript.
  • Ability to prioritize work based on business and customer needs.
  • High bandwidth; thoughtful attention to many areas simultaneously.
  • Ability to context switch as priorities shift.
  • Philosophical alignment with Stedi Standards and Unwritten laws of engineering.

Skills

AWSTypeScriptCdkAWS LambdaApi GatewaySQSSnsDynamoDBAurora ServerlessAws OrganizationsAws CloudtrailAws ConfigSecurity HubGuarddutyHIPAA
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering