Security Engineer
USA
Full time
Remote
Compensation is not specified
Role
Security Engineer
Description
About the role
We are expanding our security team and seeking an engineer who can manage a wide range of operational and technical tasks. This individual should be proficient in handling access requests, conducting security reviews, and developing testing frameworks. The role reports directly to the Head of Security and works closely with them to enhance and expand our security protocols across the company.
Responsibilities:
- Manage identity and access processes for critical operations, including provisioning, monitoring, and lifecycle management.
- Perform security evaluations across our product range, incorporating threat modeling, code reviews, fuzzing, and functional testing.
- Handle day-to-day bug bounty operations, such as assessing reports, tracking remediation, and escalating high-severity findings.
- Conduct AI security exploration and develop testing frameworks for control mechanisms, focusing on reusable tactics.
- Monitor software supply chains for suspicious packages, beyond standard vulnerability scanning.
- Coordinate external penetration tests, handling scoping and logistics, and oversee post-engagement remediation activities.
- Maintain compliance documentation and gather required evidence as guidelines evolve.
Who You Are:
- A software engineering background is essential, with a history of creating production systems that informs your security approach.
- You have transitioned into product security and have expertise across the entire lifecycle, from threat modeling to secure design reviews and vulnerability assessments.
- A solid grasp of identity and access management principles and tools.
- Genuine enthusiasm for AI security and the ability to create adversarial testing tools.
- A discerning attitude towards software supply chain risks beyond routine scanning.
- Proficient in written communication, since documentation is an integral aspect of the role.
- Comfortable taking ownership and working autonomously within a smaller team setup.
Qualifications:
- Hold a Bachelor's degree in Computer Science, Computer Engineering, or a relevant technical field.
- Possess over 5 years of professional experience, with a significant portion in software engineering before moving into security roles.
- Proficiency in at least one systems or backend language (e.g., Rust preferred; Go, Python, C++), as the role involves coding, tool creation, and analyzing production codebases.
- Demonstrated experience in product or application security, not limited to infrastructure or compliance-focused roles.
- Proven track record of building security tools or automation from scratch.
- Experience in conducting or leading security reviews on live software systems.
Nice-to-Have:
- Hands-on experience with mobile device management (MDM) platforms and endpoint policy enforcement.
- Familiarity with enterprise IAM systems and SSO, covering configuration, integration, and audit procedures.
- Involvement with privileged access management (PAM) tools and relevant operational practices.
- Strong Linux administration skills, command line proficiency, comprehension of kernel-level security basics, and experience in securing Linux environments.
- Experience with multisig schemes, including signing policy design, quorum configuration, or key management in production settings.
- Familiarity with hardware security modules (HSMs), specifically in integration, key lifecycle management, or operational practices.
- Exposure to trusted execution environments (TEEs), such as attestation, confidential compute, or secure enclave design.
Benefits:
- Competitive compensation above the market average with multiple forms of equity.
- Company-sponsored team retreats and conferences with all expenses covered.
- Weekly meal voucher and additional perks.
Jitolabs
Website
www.jito.wtf
Company size
Not specified
Location
United States
Description
Not specified