Senior Staff Security Engineer - Network Security

Leads edge and network security strategy, owning Cloudflare WAF, DDoS protection, Zero Trust, and AWS perimeter controls. Partners with teams to implement layered defenses, policy-as-code, detections, and AI-assisted automations. Requires 10+ years experience with deep Cloudflare and network expertise.

230k – 270k | San Francisco, CA | Security Engineering | Hybrid | 10+ YOE

About the role

Responsibilities

  • Design and operate Gusto's edge security stack including Cloudflare WAF, DDoS protection, Bot Management, WARP, Gateway, and Access, tuning rules against real traffic and shaping how engineers and operations teams reach internal systems securely.
  • Own the network security perimeter across AWS and the edge: VPC design, Network Firewall, Shield, CloudFront, NACLs, and egress filtering, all codified in Terraform and Crossplane, observable, and consistently enforced.
  • Develop policy-as-code patterns for WAF rules, network policies, and edge configuration so changes ship through pull requests with review, testing, and clean rollback paths.
  • Build detections and alerting on edge and network telemetry including Cloudflare logs, VPC Flow Logs, and CloudTrail flowing into Panther, and lead incident response for perimeter and network events.
  • Contribute broadly across the security engineering surface including cloud posture, container security, IAM, vulnerability management, and on-call, bringing a strong generalist instinct to wherever the work is most critical.
  • Operate as an AI-native engineer, using Claude Code, MCP-driven tooling, and agentic workflows as a daily force multiplier across investigation, automation, and detection engineering.
  • Prototype and ship agents, custom MCP servers, and LLM-assisted automations that compress security work from days to minutes and raise the bar for what one engineer can own.

Requirements

  • 10+ years of hands-on security engineering experience, with significant time owning edge, network, or perimeter security at scale.
  • Deep, production-grade expertise with Cloudflare's security stack including WAF, DDoS, Bot Management, WARP, Gateway, and Access, covering rule tuning, incident response, and Zero Trust rollouts.
  • Strong network architecture skills across edge and cloud: TLS/mTLS, segmentation, egress controls, DDoS resilience, and AWS networking including VPC, Network Firewall, Shield, CloudFront, and NACLs.
  • Fluency with policy-as-code, Terraform, and CI/CD-first delivery of security controls; Crossplane or similar a plus.
  • Solid generalist foundation across cloud security, IAM, container security, and detection engineering, with hands-on incident response experience on edge and network telemetry in a modern SIEM.
  • AI-native working style with daily use of Claude Code or equivalent agentic tooling, and a track record of building AI-assisted workflows including custom MCP servers, agents, and LLM automations that compound team output.
  • Excellent written and verbal communication; you can take a complex perimeter decision and explain the tradeoffs to a staff engineer, a PM, and a VP without changing the substance.
  • Relevant certifications a plus including AWS Certified Advanced Networking Specialty, AWS Certified Security Specialty, Cloudflare Certified Security Associate/Professional, CKS, or equivalent.

Compensation

  • Cash compensation targeted at $230,000/yr to $270,000/yr for San Francisco.
  • Stock equity is additional.

Skills

Cloudflare WAF, Cloudflare DDoS, Cloudflare Zero Trust, Terraform, AWS VPC, AWS Network Firewall, AWS Shield, CloudFront, Panther SIEM, CrowdStrike, Wiz, Tines, Crossplane, Policy-as-Code, CI/CD

Staff Product Security Engineer - Customer Platform

Leads product security architecture for multi-tenant SaaS platform, implementing secure customer-facing features like IAM, encryption, and access controls. Conducts threat modeling, design reviews, and collaborates cross-functionally on compliance and risk mitigation. Requires 8+ years in security engineering with SaaS expertise.

231k – 272k | New York, NY +1 | Security Engineering | Remote | 8+ YOE | GCP | IAM

Staff Security Engineer - SecOps & Threats

Leads SecOps and threat response, including incident handling, forensics, automation building, and threat exercises. Requires 5+ years in Security Operations, automation experience, and familiarity with security tools like SIEM, SOAR, and AWS.

231k – 266k | United States | Security Engineering | Remote | 5+ YOE | AWS | SIEM

Senior Staff Software Engineer - Security Infrastructure

Leads security infrastructure engineering at Databricks, plugging gaps in services, building large-scale distributed systems, and defining data security strategy. Requires 9+ years in security, 15+ in distributed systems, MS/PhD, and expertise in areas like Kubernetes security and cryptography.

228k – 304k | Mountain View, CA | Security Engineering | On-site | 9+ YOE | Privacy | Kubernetes

Staff Application Security Engineer

Lead application security initiatives as a technical leader on a new security team. Drive threat modeling, secure SDLC, code reviews, vulnerability management, and AI security for a healthcare AI platform.

228k – 290k | San Francisco, CA | Security Engineering | Hybrid | 10+ YOE | GCP | IAM

Senior Staff Software Engineer - IAM

Leads IAM and security engineering to enhance platform trust, plugs infrastructure gaps, and builds large-scale distributed systems. Requires 9+ years in data security, 15+ years in distributed systems, MS/PhD, and expertise in IAM, Kubernetes security, cryptography.

232k – 313k | Mountain View, CA | Security Engineering | On-site | 9+ YOE | Privacy | Governance