Skip to content
SourcegraphSourcegraphUnited States

Security Engineer

Security Engineer focused on security operations, incident response, monitoring/alerting, and securing SaaS applications and infrastructure. Requires Go experience, Elastic Stack, GCP, and on-call rotation participation.

72k – 144k
Remote5+ YOESecurity Engineering

About the role

Responsibilities

  • Build world-class security into product offerings through security operations
  • Maintain and improve monitoring and alerting stack
  • Participate in on-call rotations and respond to security incidents
  • Conduct application security testing and manage bug bounty programs
  • Perform security reviews for application and infrastructure security
  • Proactively improve security of codebase, product, cloud, and customers' on-premise deployments
  • Discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containers
  • Maintain internal systems and automations for alert triaging
  • Triage, troubleshoot, and mitigate customer security concerns
  • Enhance application security through audits, best practices, code fixes, and continuous education
  • Perform reactive incident response during security events
  • Conduct proactive research to detect new attack vectors
  • Perform threat modeling for existing and future applications
  • Assess and integrate new tools and technologies to improve operational efficiencies
  • Help maintain compliance with SOC 2, ISO 27001, and GDPR standards

Requirements

  • Practical experience reviewing SIEM alerts and participating in on-call rotations
  • Practical experience securing SaaS applications as a security generalist, including infrastructure security, application security, and/or compliance
  • Experience with Go, including writing and maintaining internal tooling along with code reviews
  • Experience with Elastic stack and GCP
  • Experience using and automating a wide range of defensive security tools
  • Experience working across engineering teams to secure projects across the organization
  • High agency and effective written communication and documentation skills

Nice to Haves

  • Experience developing software as an engineer (writing code and contributing directly to applications)
  • Experience working in a startup environment
  • Experience with TypeScript and Terraform
  • Experience with Kubernetes
  • Experience securing AI products

Skills

GoElastic StackGCPSIEMTerraformKubernetesTypeScriptSOC 2ISO 27001GDPR
Oneleet

Security Program Manager

OneleetBeaverton, OR

Assess client security postures, develop customized security programs using frameworks like NIST and SOC2, provide implementation guidance, and collaborate with auditors and internal teams to achieve compliance goals.

75k – 140k
Remote3+ YOESecurity Engineering
Astra

GRC Program Manager

AstraUnited States

Owns end-to-end execution of GRC programs including SOC 1/2, PCI DSS, and ISO 27001 audits, control design, risk assessments, and vendor management. Partners with engineering to implement technical controls and documentation for scalable compliance in fintech.

95k – 135k
Remote3+ YOESecurity Engineering
Harvey

Compliance Analyst

HarveySan Francisco, CA

This Compliance Analyst role at Harvey involves owning and maintaining compliance documentation, coordinating evidence collection, and supporting third-party assessments. The role requires hands-on compliance work, close collaboration with Engineering and Security teams, and a detail-oriented approach to ensure program health and continuous monitoring.

99k – 149k
Hybrid3+ YOESecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k
RemoteSecurity Engineering
Trail of Bits

Security Engineer, Application Security

Trail of BitsUnited States

Conduct low-level code security assessments, architecture reviews, and threat modeling for client applications. Build custom security tools bridging vulnerability research and application security. Requires manual code review, binary analysis, and programming proficiency in multiple languages.

100k – 200k
Remote5+ YOESecurity Engineering