Skip to content
Socket

Staff Security Engineer

Owns end-to-end security including application, cloud infrastructure, operational security, incident response, and compliance at a growth-stage security company. Ships production TypeScript, builds tooling, and drives security roadmap while fostering engineering culture.

United StatesSecurity EngineeringRemote
Apply

About the role

Responsibilities

  • Improve Socket's security posture: own application security, cloud infrastructure hardening, operational security, and IT security.
  • Write code and build tooling to make the secure path the default for engineers.
  • Roll out identity and access controls, close gaps across the stack, and continuously reduce risk.
  • Assess, prioritize, and drive the security roadmap; balance quick wins with longer-term improvements.
  • Run incident response and external security operations: build 24/7 process, triage vulnerability reports, manage pentests, coordinate fixes.
  • Maintain SOC 2 compliance and drive new certifications (e.g., ISO 27001).
  • Raise security awareness: train engineers, run phishing simulations, build trust with teams.

Requirements

  • Owned security broadly at a growth-stage company or strong software engineer moving into full security ownership.
  • Ship production TypeScript.
  • Breadth across security domains (AppSec, CloudSec, OpSec) with fast learning.
  • Fluent in cloud infrastructure (GCP): VPCs, IAM, secret management, networking.
  • Self-directed operator who executes across fronts without direction.

Nice-to-Haves

  • Communication and teaching skills to foster security culture.

Benefits

  • Market competitive salary bands.
  • Meaningful equity program.
  • Comprehensive health benefits.
  • Flexible time-off, holidays, winter shutdown.
  • Paid parental leave.
  • Remote-first with quarterly off-sites.

Skills

TypeScriptGCPIAMVpcsAppsecCloudsecOpsecSOC 2ISO 27001Incident Response

Similar roles

Security Engineering jobs
Perplexity

Member of Technical Staff

Conduct original research on AI system security and privacy, develop defenses and evaluation frameworks, and translate findings into production improvements at Perplexity. Requires PhD or equivalent with publications at top security venues and deep expertise in security domains.

220k – 405kSan Francisco, CASecurity EngineeringOn-site7+ YOEGoRust
Reddit

Staff Software Engineer, Identity & Access Management

Staff Software Engineer on the IAM team designing, delivering, and supporting digital identity, authentication, and access systems. Requires 10+ years backend experience, deep IAM expertise, and proficiency in Go/Python/Java/TypeScript.

217k – 304kUnited StatesSecurity EngineeringRemote10+ YOEGoSQL
Rippling

Staff Product Security Engineer

Hands-on staff security engineer building guardrails, tooling, and automations to secure Rippling's web applications. Requires 10+ years in product security, fluency in Python/React/DRF, and experience embedding security into SDLC and CI/CD.

189k – 315kSeattle, WA +2Security EngineeringHybrid10+ YOESSOSAML
Okta

Staff Security Engineer

Staff Security Engineer embedded in TDI to build centralized security posture analytics, automate issue tracking and remediation, and drive AI-powered risk management across AWS, SaaS apps, and enterprise systems.

134k – 185kSan Francisco, CASecurity EngineeringOn-site10+ YOEAWSSnyk
Okta

Staff Software Engineer, Security Engineering

Staff-level engineer designing and building security guardrails for multi-cloud environments, translating security standards into code-driven policies. Requires 8+ years in cloud security with deep expertise in Kubernetes, IAM, and Policy-as-Code.

174k – 239kBellevue, WA +3Security EngineeringHybrid8+ YOEGoEKS