Software Engineer, Security
Builds internal security tooling, implements detection systems, assesses vulnerabilities, and partners with engineering teams to enhance Render's security posture. Requires 6+ years in software engineering or security with experience in secure web apps and vulnerability analysis.
Responsibilities
- Build internal tooling to enable secure access to resources (e.g., wrappers, utilities, authentication services, and proxies).
- Implement detection and monitoring systems that alert the team to high signal vulnerabilities.
- Analyze and assess security issues identified through threat modeling, penetration testing, security scans and vulnerability disclosure.
- Work with developers on sensitive code paths and educate them on secure design patterns.
- Liaise with customers regarding their security and compliance needs, and inform our security program.
- Communicate security risks and solutions to technical and non-technical stakeholders as part of company-wide planning and prioritization processes.
- Stay up-to-date with the latest security threats, vulnerabilities, and best practices and make recommendations for improvements to our security posture.
- Partner with product engineering teams to inform and build thoughtful security features for our customers.
- Continually ensure that our systems have appropriate authentication, authorization, and accounting with low internal overhead.
Requirements
- 6+ years of professional experience in software engineering or security.
- Experience designing and building secure web applications, tools, and APIs.
- Experience with vulnerability review and analysis.
- Strong incident leadership and diligent response.
- Empathy toward the rest of the team and our customers.
- Strong sense of ownership and ability to make pragmatic decisions about your work.
Nice-to-haves
- Detection engineering experience through implementation and maintenance of a SIEM.
- Experience with any of the technologies the Render product runs on: Go, Typescript, Kubernetes, Postgres, Terraform, Temporal.
- Experience with compliance frameworks such as SOC 2, ISO 27001, HIPAA or PCI.
- Proven expertise in exploiting common security vulnerabilities, demonstrating practical experience in identifying and leveraging vulnerabilities to assess security posture.
- Experience securing applications and systems through threat modelling and risk assessments.
- Active participation and contributions to the security community through public research, blogging, presentations, and other means.
Benefits
- Equity with early-exercise options and extended exercise windows.
- 4 weeks of paid vacation.
- 14 weeks of fully paid parental leave.
- Long-term disability, life insurance, and 401K plans.
- 100% employer-paid medical coverage and 99% employer-paid dental and vision coverage for you and a dependent. FSAs and HSAs are available.
- Monthly lifestyle stipend for wellness, mental health and therapy, hobbies, etc.
- Monthly cell phone and internet subsidy.
- Commuter benefits for Renders in the Bay Area, and home office stipends for remote Renders.
- Continuous learning benefits & related support.
Product Security Engineer
Product Security Engineer embedding into engineering workflows to conduct architecture reviews, threat modeling, and penetration testing coordination while serving as GCP security SME. Requires 5-7 years experience and strong GCP and Python skills.
Senior Product Security Engineer II
Senior security engineer focused on offensive security testing, penetration testing, and scaling security practices across Instacart's product suite. Requires 7+ years in security engineering or pentesting with experience in mobile, cloud, or AI security.
Staff Software Engineer, Security
Staff Security Software Engineer designing and building scalable security infrastructure, identity systems, and compliance automation platforms. Requires 8+ years software engineering experience with deep Kubernetes, Go/Rust, and cloud platform expertise.