Location: San Francisco, CA; New York, NY; Remote (Seattle, WA only)
Work Mode: Fully Remote
Department: Security
Skills: JavaScript, TypeScript, Node.js
Posted 3h ago
Develop self-service security frameworks and "paved roads" that allow engineering teams to ship secure code by default.
Focus on automated guardrails for common vulnerabilities, while prioritizing deep-dive design reviews into complex business logic and data isolation issues (for example, multi-tenant isolation and authorization/permission bypasses) that automated tools cannot catch.
Partner with product and engineering teams to review designs early, contribute to threat modeling for new features and complex initiatives, and provide clear, actionable security guidance.
Research emerging threats and evolving best practices, specifically regarding AI and LLM safety, and implement controls to secure these workflows.
Manage and evolve our approach to external penetration testing and bug bounties, driving remediation for findings and treating vulnerability management as an engineering problem.
Contribute to the long-term roadmaps, metrics, and strategic planning for the security team.
(Senior/Staff L5+) Lead complex threat modeling sessions for major product launches, define secure coding standards, and actively mentor other engineers to raise the technical security bar across the organization.