Identify and address security risks through comprehensive assessments, mitigation strategies, and execution.
Ensure secure coding and implement systems to protect against unauthorized access and data breaches.
Develop and execute incident response plans, conduct forensic analysis, and take preventive measures.
Maintain compliance with regulations and industry standards, promote transparency, and address ethical concerns.
Establish real-time monitoring systems, conduct regular assessments, and proactively respond to threats.
Evaluate and secure third-party integrations to prevent vulnerabilities.
Educate and raise awareness for security best practices across the engineering team.
Maintain up-to-date documentation on protocols, incidents, and improvements; report regularly to stakeholders.

Requirements

5+ years in a security-focused engineering role, with hands-on technical architecture, implementation, and oversight experience
Expertise in SAST/DAST, application security, and CI/CD pipeline integration
Deep knowledge of AI-specific threats (prompt injection, model poisoning, membership inference, adversarial perturbation, output manipulation)
Experience implementing security principles, operating system and web application security, and familiarity with the OWASP Top 10 and common threat tactics
Knowledge of next-generation security technologies (SASE, CASB, RASP)
Hands-on experience with patch management, software supply chain security, and artifact repositories (e.g., JFrog, Snyk)
Strong programming or scripting skills in at least one language (e.g., Python, Ruby, Node.js)
Relevant cybersecurity certification (CISSP, CISM, CISA, CRISC, GIAC, etc.)
Up-to-date on technology and vulnerability trends; ability to secure cloud computing applications and ecosystems
Application/infrastructure-level security design experience, including modern mitigation techniques (e.g., DNS-SEC, cryptographic fundamentals)
Strong automation skills with Python

Benefits

Choice of medical, dental, and vision insurance plans for you and your family
Additional insurance coverage options for life, accident, or critical illness
Flexible paid time off, sick leave, short-term and long-term disability
10 US observed holidays, and Canadian statutory holidays by province
A home office stipend
401(k) for US-based employees and RRSP for Canada-based employees
Paid parental leave
A local in-person meet-up program
Hubs in San Francisco and Toronto

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SASTDASTapplication securityCI/CD pipeline integrationAI-specific threatsoperating system securityweb application securitypatch managementsoftware supply chain securityautomation with Python

Soft Skills

communicationeducationawareness raisingtransparency promotionethical concern addressing

Certifications

CISSPCISMCISACRISCGIAC