Principal Security Engineer

Responsibilities

• Lead comprehensive application security assessments, advanced threat modeling sessions, and secure code reviews across critical product features, internal tooling, endpoints, and third-party integrations.
• Collaborate strategically with product engineering to establish and enhance secure-by-default and privacy-by-design practices within the software development lifecycle (SDLC).
• Lead and otherwise participate in incident detection, investigation, triage, containment, and root cause analysis for high impact security incidents, providing mentorship and guidance to junior engineers as required. 
• Drive the development and continuous improvement of sophisticated detection rules, response automation, and optimized alert management across cloud environments, corporate infrastructure, and SaaS platforms.
• Lead and participate in complex vulnerability remediation processes, and effectively respond to security issues discovered by both internal teams and external sources.
• Document technical findings and  strategic decisions in a clear and accessible manner, and procedural enhancements; significantly contribute to comprehensive security playbooks and knowledge repositories.
• Manage and oversee asksecurity@ request handling, and actively participate in sprint-based security activities, balancing strategic and tactical execution.
• Actively participate in the security on-call rotation, or provide senior-level guidance as required during an event and aid in rapid response capabilities to protect our 24x7 platform and global workforce.

Required Qualifications

• 10+ years of robust, progressive experience in security engineering, application security, DevSecOps, incident detection and response, or closely related fields.
• Advanced proficiency in at least one programming language (Python, Ruby, Go, Rust, JavaScript), with deep experience conducting detailed code reviews and security assessments across multiple languages you may not have deep proficiency in.(Experience with  Clojure is a plus.)
• Hands-on experience with deploying, operating, and interpreting results from security tools such as static analyzers, web vulnerability scanners, supply chain analysis scanners, and host-based intrusion detection systems.
• Demonstrated experience mentoring, coaching and guiding junior and mid-level security engineers, contributing to a strong team culture, and supporting peer development as a senior individual contributor.
• Demonstrated proactive approach, strong continuous learning orientation, and curiosity about emerging threats, security trends, and innovative technologies.
• Extensive expertise securing cloud-native environments (AWS, Azure, GCP, containers, microservices), with in-depth knowledge of modern cloud security risks and defenses.
• Demonstrated ability to embrace being wrong, practice humility, continuously learn from experiences, and actively seek insights through thoughtful questioning and collaboration.
• Nice to have: exposure to  participating in security incidents, guiding penetration testing efforts, or operation of SIEM/SOAR platforms.