Fieldguide

Lead Security Engineer

full-time

Location Type: Remote

Location: California, United States

Salary

💰 $210,000 - $260,000 per year

About the role

  • Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform.
  • Ensure security is ingrained into the SDLC so that the secure path is the easy path for engineers with secure-by-default libraries, patterns, and guardrails.
  • Own authentication, authorization, API security, and data protection architecture for a multi-tenant SaaS platform.
  • Architect and maintain security tooling integrated into CI/CD pipelines: static analysis, dependency scanning, secrets detection.
  • Evaluate and mitigate risks specific to Fieldguide's AI Agents — prompt injection, data leakage through LLM contexts, unauthorized tool use, and unintended agent behaviors.
  • Partner with Agent and Platform teams to define security boundaries for agent execution: sandboxing, least-privilege tool access, and runtime policy enforcement.
  • Build and run Fieldguide’s vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination.
  • Ensure visibility into vulnerability posture across application code, dependencies, and infrastructure.
  • Manage external penetration testing engagements, bug bounty programs, and coordinate remediation of findings.
  • Partner with infrastructure engineering to review and improve cloud security across our AWS environment: IAM, network architecture, secrets management, and logging.
  • Establish runbooks, communication protocols, and post-incident review practices in coordination with a 24/7 MDR team.
  • Collaborate with engineers on incident response processes and playbooks.
  • Partner with Compliance to ensure technical controls satisfy framework requirements (SOC 2, ISO 27001, ISO 42001, FedRAMP).

Requirements

  • 8+ years in security with a primary background in application security, product security, or security-focused software engineering.
  • Track record of building or significantly maturing a security program, ideally at a growth-stage SaaS company.
  • Strong programming skills with demonstrated experience writing production software.
  • Familiarity with AWS security services and patterns: IAM, VPC, CloudTrail, KMS.
  • Experience with threat modeling methodologies and secure design review processes.
  • Experience managing external penetration tests and coordinating remediation.
  • Familiarity with AI/LLM security considerations and emerging risks in agentic AI systems is a plus.
  • Experience supporting compliance frameworks (SOC 2, ISO 27001, NIST, FedRAMP) from the technical controls side is a plus.

Benefits

  • Competitive compensation packages with meaningful ownership
  • Flexible PTO
  • 401k
  • Wellness benefits
  • Technology & Work from Home reimbursement
  • Flexible work schedules

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
application security, product security, security-focused software engineering, threat modeling, secure design review, vulnerability management, incident response, programming, API security, data protection architecture
Soft Skills
leadership, collaboration, communication, problem-solving, risk assessment, coordination, organizational skills, incident management, stakeholder engagement, process improvement
Certifications
SOC 2, ISO 27001, ISO 42001, FedRAMP, NIST