Security Software Engineer
Software engineer focused on security and privacy, improving Tailscale's security through feature development, audits, threat modeling, and spending 50% time writing code. Requires proficiency in Go or similar, security experience, and deep knowledge of vulnerabilities and cryptography.
Job Description
We’re seeking a talented software engineer, specializing in security and privacy, to help grow our product security team. We’re looking for people who can move Tailscale forward while making it safer to use. The abilities to think on your feet, collaborate with highly technical teams, and be comfortable working asynchronously are essential.
Key Responsibilities
- Improve the security properties of Tailscale by identifying opportunities for security and privacy features, bug fixes, and defense-in-depth, and implementing them across our codebase.
- Audit Tailscale features for technical security weaknesses, identifying mitigations or solutions, and driving them towards resolution.
- Support engineering decisions with threat modeling and security analysis and expertise.
- You will spend at least 50% of your time in this role writing software vs purely operational or governance security responsibilities.
What We Are Looking For
Technical
- Proficiency developing in at least one programming language (Tailscale uses Go)
- Proficiency developing for at least one application platform (e.g. iOS, Android, web, Windows, macOS, Linux)
- Prior experience in a safety-related technical role, e.g.:
- application security or application platform security
- penetration testing
- threat modeling and prioritization
- user experience design or research
- digital forensics and incident response
- Deep understanding of web application vulnerabilities (e.g., OWASP Top 10), client-side security, and common API security flaws
- Collaborate with engineering teams to promote secure coding practices and provide targeted security guidance and training
- Knowledge of cryptographic primitives and protocols
- Knowledge of common networking protocols
Team Fit
- Ability to give and process constructive feedback
- Ability to work independently and collaboratively
- Flexibility to adjust to the dynamic nature of a startup
- Take a risk-based approach to building security controls, balancing your security expertise and broad technical skillsets with practical, usable solutions
Product Security Engineer
Product Security Engineer embedding into engineering workflows to conduct architecture reviews, threat modeling, and penetration testing coordination while serving as GCP security SME. Requires 5-7 years experience and strong GCP and Python skills.
Senior Product Security Engineer II
Senior security engineer focused on offensive security testing, penetration testing, and scaling security practices across Instacart's product suite. Requires 7+ years in security engineering or pentesting with experience in mobile, cloud, or AI security.
Senior Security Engineer, GRC
Senior GRC engineer owning customer security questionnaires, compliance automation, risk assessments, and policy management across SOC 2, ISO 27001, and HIPAA. Requires 8+ years experience, scripting skills, and strong customer-facing communication.
Director, Product Security Engineering
Lead product security initiatives by embedding security into the SDLC, performing threat modeling, building security tooling, and mentoring teams. Requires 8-10+ years of product security experience and deep expertise in cloud, application, and mobile security.