Skip to content
Figma

Security Engineer

Security Engineer drives security improvements across Figma's AI, platform, product, and anti-abuse teams through assessments, tooling development, threat detection, and incident response. Requires 5+ years engineering experience, strong security judgment, and proficiency in a general-purpose language.

149k – 350kSan Francisco, CANew York, NYSecurity EngineeringRemote5+ YOE
Apply

About the role

Responsibilities

AI Security:

  • Perform technical security assessments, code audits, and design reviews for new AI infrastructure, platforms, and products.
  • Design and develop technical solutions to secure AI models, tooling, debugging workflows, and data pipelines.
  • Advocate for secure practices across Figma's AI infrastructure, platforms, and data systems.
  • Build internal AI-powered access insights and security tooling.
  • Help run penetration testing and offensive security exercises against AI infrastructure.

Platform Security:

  • Perform technical security assessments, code audits, and design reviews for cloud and corporate infrastructure changes.
  • Design and develop solutions to prevent or mitigate cloud and corporate security risks.
  • Advocate for secure practices within cloud and corporate infrastructure.
  • Build platforms and tooling to detect and respond to infrastructure and corporate security threats.

Product Security:

  • Perform technical security assessments, code audits, and design reviews for new product features.
  • Design and develop solutions to prevent or mitigate product security vulnerabilities.
  • Advocate for secure development practices across products and services.
  • Help run penetration testing, offensive security exercises, and support bug bounty program.
  • Help respond to product security incidents.

Anti-Abuse:

  • Design and build technical systems to prevent spam, fraud, and abuse.
  • Partner with product teams to identify and address potential abuse vectors.
  • Develop new signals and improve existing signals to detect abusive behavior.
  • Help respond to spam, fraud, and abuse incidents.

Requirements

  • 5+ years of proven engineering experience in Security Engineering or Software Engineering (with some security experience preferred).
  • Strong security judgment in threat modeling and risk prioritization and/or strong technical judgment in designing and building maintainable, scalable systems.
  • Proficiency in at least one general-purpose coding language.
  • Strong communication and interpersonal skills, with demonstrated experience collaborating across functions.

Nice-to-Haves

  • Subject matter expertise in Application Security, Cloud Security, Corporate Security, Data Access Governance, and/or IAM (Identity and Access Management).
  • Demonstrated ability to make hard prioritization decisions in security controls.

Skills

Threat ModelingCode AuditsDesign ReviewsPenetration TestingCloud SecurityIAMApplication SecurityPythonJavaScriptGo

Similar roles

Security Engineering jobs
Virta Health

Cloud Security Engineer

Builds and matures cloud security program for GCP/Kubernetes platform, integrating security into development lifecycle, automating vulnerability management, and refining IAM/network controls. Requires hands-on experience with app sec, IaC (Terraform), and coding in Go/Python.

149k – 188kDenver, CO +1Security EngineeringRemoteGoGCP
AKASA

IT Security Operations Engineer

IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.

150k – 190kSan Francisco, CASecurity EngineeringHybrid4+ YOEGoDlp
Novig

Security Engineer

Build and maintain security automation pipelines, AI agents, SOAR/SIEM integrations, vulnerability management, and IAM systems for a sports prediction market platform.

150k – 200kNew York, NYSecurity EngineeringOn-site5+ YOECdkIAM
Scale AI

Site Security Manager, Industrial Security

Oversee SCIF construction, accreditation, and operations while ensuring compliance with ICD 705, NISPOM, and national security protocols. Requires active TS clearance and 3+ years managing classified facilities.

148k – 222kWashington, DCSecurity EngineeringHybrid3+ YOEDissNiss
GitLab

Manager, Security Incident Response Team (USA)

Leads the Security Incident Response Team in the Americas, managing engineers through threat hunting, investigations, triage, and large-scale responses while coaching performance and driving process improvements using AI and automation.

150k – 235kUnited StatesSecurity EngineeringRemoteAIGCP