Security Engineer

Identity and access management - provisioning, lifecycle operations, and monitoring for critical changes

Security reviews across our product portfolio - threat modeling, code review, fuzzing, and functional testing

Day-to-day bug bounty operations - triage, remediation tracking, and escalation of high-severity findings

AI security research and tooling - adversarial testing frameworks for agent controls, with a focus on reusable patterns

Software supply chain monitoring - malicious package detection beyond standard CVE scanning

External penetration test coordination - scoping, logistics, and post-engagement remediation tracking

Compliance documentation and evidence gathering as requirements emerge

A software engineering background is essential - you've built production systems and that foundation shapes how you approach security

You've since moved into product security and are fluent in the full lifecycle: threat modeling, secure design review, whitebox code review, and vulnerability testing

Solid understanding of identity and access management concepts and tooling

Genuine interest in AI security with the ability to build adversarial testing tooling

A thoughtful approach to software supply chain risk beyond checkbox scanning

Strong written communication - documentation is a real part of this job

Comfortable with high ownership and working autonomously on a small team

Bachelor's degree in Computer Science, Computer Engineering, or a related technical field

5+ years of professional experience, with a meaningful portion in software engineering before transitioning into security

Proficiency in at least one systems or backend language (e.g. Rust preferred, Go, Python, C++) - you will be expected to write code, build tooling, and read production codebases as a routine part of this role

Demonstrated experience in product or application security - not solely infrastructure or compliance-focused roles

Track record of building security tooling or automation from scratch

Experience conducting or leading security reviews on production software systems

Hands-on experience with mobile device management (MDM) platforms and endpoint policy enforcement

Familiarity with enterprise IAM systems and SSO - configuration, integration, and audit

Experience with privileged access management (PAM) tooling and the operational patterns around it

Strong Linux administration skills - comfortable at the command line, understanding of kernel-level security primitives, and experience hardening Linux environments

Experience with multisig schemes - signing policy design, quorum configuration, or key management in a production context

Familiarity with hardware security modules (HSMs) - integration, key lifecycle management, or operational use

Exposure to trusted execution environments (TEEs) - understanding of attestation, confidential compute, or secure enclave design