Builds security tools, automations, and AI agents to enhance detection, response, vulnerability management, and overall security posture. Requires 4+ years experience in software engineering with security focus, proficiency in Python/Go/TypeScript, and familiarity with SIEM/EDR/cloud systems.
210k – 385k/yr
On-site4+ YOESecurity Engineering
About the role
Responsibilities
Design, build, and maintain software and automation that improves our detection and response program, including alert enrichment, triage workflows, and investigation tooling.
Implement and enhance internal AI agents and security bots that assist with monitoring, investigations, reporting, and other security operation tasks.
Develop and operate systems and workflows that support the bug bounty and vulnerability disclosure program, including intake, triage, prioritization, and remediation tracking.
Partner with product and engineering teams to threat model new features and systems, propose mitigations, and add guardrails into designs and implementations.
Contribute to secure-by-default libraries, services, and patterns that make it easy for teams to build secure features.
Integrate security signals from cloud, endpoints, SaaS, and applications into cohesive pipelines and data models that support detection and analysis.
Build automation to reduce manual work in incident response, containment, and remediation.
Collaborate with security engineers and other software engineers to review designs and code, and to continuously improve our security tooling and platforms.
Qualifications
4+ years of experience as a software engineer with significant time spent building security-related tools, platforms, or automations, or in a security engineering role with strong software development responsibilities.
Proficiency in at least one major programming language (Python, Go, or TypeScript) and experience building production services, CLIs, or internal tools.
Experience integrating with security-relevant systems such as logging pipelines, SIEMs, EDR, cloud APIs, or identity platforms.
Practical experience with threat modeling, secure design, or application security reviews for services or features.
Experience operating or contributing to bug bounty or vulnerability management programs is a plus.
Familiarity with cloud infrastructure (AWS preferred) and modern SaaS environments.
Ability to work closely with cross-functional teams, own projects end-to-end, and ship pragmatic, high-impact improvements.
Bonus: Experience designing or improving AI-powered agents or automation used for security operations.
Mid-level Infrastructure Vulnerability Management Engineer responsible for cloud security posture, IaC scanning, container vulnerability management, and compliance tracking across multi-cloud environments. Requires 5+ years in cloud security/DevSecOps with deep GCP expertise.
210k – 270k/yr
Hybrid5+ YOESecurity Engineering
Security Engineer - Vuln Management (Code)
ReplitFoster City, CA
Mid-level AppSec Vulnerability Management Engineer who identifies application vulnerabilities, manages SBOM and supply chain security, and drives compliance tracking for SOC 2, ISO 27001, and PCI-DSS. Requires 5+ years in AppSec/DevSecOps with strong coding skills in JS/TS, Python, and Go.
210k – 270k/yr
Hybrid5+ YOESecurity Engineering
Security Engineer, Cloud
RampNew York, NY +1
Build and enhance cloud security infrastructure, drive security roadmap, remediate issues, and partner with teams for secure deployments. Requires 5+ years software experience, 3+ years AWS with Terraform.
211k – 291k/yr
Hybrid5+ YOESecurity Engineering
Model Policy Manager
OpenAISan Francisco, CA
Defines and maintains policies for AI model behavior in high-risk domains like agentic systems and user safety. Collaborates with research, engineering, and product teams to operationalize policies into measurable safeguards using empirical data and red-teaming.
207k – 295k/yr
HybridSecurity Engineering
Model Policy, Frontier Cyber Risk
OpenAISan Francisco, CA
Develops and maintains AI model policies for high-risk cybersecurity domains, translating threat models into behavioral specifications, evaluations, and mitigations. Collaborates with research, engineering, and safety teams to ensure technically grounded, enforceable safeguards against dual-use risks.