Skip to content

Security Engineer

Security Engineer drives security improvements across Figma's AI, platform, product, and anti-abuse teams through assessments, tooling development, threat detection, and incident response. Requires 5+ years engineering experience, strong security judgment, and proficiency in a general-purpose language.

149k – 350kSan Francisco, CANew York, NYSecurity EngineeringRemote5+ YOE

About the role

Responsibilities

AI Security:

  • Perform technical security assessments, code audits, and design reviews for new AI infrastructure, platforms, and products.
  • Design and develop technical solutions to secure AI models, tooling, debugging workflows, and data pipelines.
  • Advocate for secure practices across Figma's AI infrastructure, platforms, and data systems.
  • Build internal AI-powered access insights and security tooling.
  • Help run penetration testing and offensive security exercises against AI infrastructure.

Platform Security:

  • Perform technical security assessments, code audits, and design reviews for cloud and corporate infrastructure changes.
  • Design and develop solutions to prevent or mitigate cloud and corporate security risks.
  • Advocate for secure practices within cloud and corporate infrastructure.
  • Build platforms and tooling to detect and respond to infrastructure and corporate security threats.

Product Security:

  • Perform technical security assessments, code audits, and design reviews for new product features.
  • Design and develop solutions to prevent or mitigate product security vulnerabilities.
  • Advocate for secure development practices across products and services.
  • Help run penetration testing, offensive security exercises, and support bug bounty program.
  • Help respond to product security incidents.

Anti-Abuse:

  • Design and build technical systems to prevent spam, fraud, and abuse.
  • Partner with product teams to identify and address potential abuse vectors.
  • Develop new signals and improve existing signals to detect abusive behavior.
  • Help respond to spam, fraud, and abuse incidents.

Requirements

  • 5+ years of proven engineering experience in Security Engineering or Software Engineering (with some security experience preferred).
  • Strong security judgment in threat modeling and risk prioritization and/or strong technical judgment in designing and building maintainable, scalable systems.
  • Proficiency in at least one general-purpose coding language.
  • Strong communication and interpersonal skills, with demonstrated experience collaborating across functions.

Nice-to-Haves

  • Subject matter expertise in Application Security, Cloud Security, Corporate Security, Data Access Governance, and/or IAM (Identity and Access Management).
  • Demonstrated ability to make hard prioritization decisions in security controls.

Skills

Threat ModelingCode AuditsDesign ReviewsPenetration TestingCloud SecurityIAMApplication SecurityPythonJavaScriptGo

Cloud Security Engineer

Builds and matures cloud security program for GCP/Kubernetes platform, integrating security into development lifecycle, automating vulnerability management, and refining IAM/network controls. Requires hands-on experience with app sec, IaC (Terraform), and coding in Go/Python.

149k – 188kDenver, CO +1Security EngineeringRemoteGoGCP

IT Security Operations Engineer

IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.

150k – 190kSan Francisco, CASecurity EngineeringHybrid4+ YOEGoDlp

Security Engineer

Build and maintain security automation pipelines, AI agents, SOAR/SIEM integrations, vulnerability management, and IAM systems for a sports prediction market platform.

150k – 200kNew York, NYSecurity EngineeringOn-site5+ YOECdkIAM

Site Security Manager, Industrial Security

Oversee SCIF construction, accreditation, and operations while ensuring compliance with ICD 705, NISPOM, and national security protocols. Requires active TS clearance and 3+ years managing classified facilities.

148k – 222kWashington, DCSecurity EngineeringHybrid3+ YOEDissNiss

Manager, Security Incident Response Team (USA)

Leads the Security Incident Response Team in the Americas, managing engineers through threat hunting, investigations, triage, and large-scale responses while coaching performance and driving process improvements using AI and automation.

150k – 235kUnited StatesSecurity EngineeringRemoteAIGCP