Security Engineer

Responsibilities

• Contribute to application security assessments, threat modeling, and secure code reviews across product features, internal tools, endpoints, and third-party integrations.
• Collaborate directly with product engineering to implement secure-by-default and privacy-by-design best practices within our software development lifecycle (SDLC).
• Actively participate in, investigate and respond to security incidents, including detection, triage, containment, and root cause analysis.
• Gain experience and mentorship from seasoned security professionals while contributing to a growing, collaborative, and high-impact global security team.
• Build and enhance security detection rules, automate response workflows, and optimize alert management across cloud environments, corporate infrastructure, and SaaS platforms.
• Contribute to internal penetration tests, security-centered engineering follow-ups, and respond effectively to vulnerabilities identified by internal teams and external sources.
• Continuously Improve tooling, visibility, and workflows for security across our environments (e.g. Github, DAST/SAST, infrastructure scanners, SIEM/SOAR, etc.)
• Clearly document finding, decisions, and processes clearly and contribute to security playbooks and knowledge bases.
• Respond to security requests via asksecurity@ and contribute to sprint-led initiatives, balancing strategic priorities with day-to-day execution and security operations.
• Support in on-call rotations to maintain continuous security coverage and promptly respond to incidents, ensuring the security and resilience of our 24x7 platform and global workforce.

Required Qualifications

• 4+ years of progressive experience in security engineering, application security, DevSecOps, detection and response, or related security discipline and proven ability to engage effectively across these domains.
• Working knowledge of at least one programming language (Python, Ruby, Go, Rust, Javascript) and comfortable reading and critically reviewing code in languages you may not have deep proficiency in.
• Familiarity with cloud-native architectures (e.g. AWS, containers, microservices) and an understanding of common cloud security risks and mitigations.
• Experience with deploying, operating, and interpreting results from security tools such as static analyzers, web vulnerability scanners, supply chain analysis scanners, and host-based intrusion detection systems.
• Understanding of CI/CD environments and ability to integrate security into DevOps workflows. 
• Practical experience with incident response, SIEM/SOAR, or participation in penetration testing as part of a security operations function. 
• Demonstrated proactive approach, eagerness towards continuous learning mindset, and genuine curiosity about emerging security trends, threats, and technologies.