PostHog

Security Engineer

full-time

Location Type: Remote

Location: United States

About the role

  • Triage and Tune: You’ll own our Wiz alerts. You’ll be responsible for turning "noise" into "actionable findings" and ensuring we aren't just staring at a dashboard of issues that don't actually matter. We already get relatively few alerts, and we’d like to even further reduce that to just the ones that matter.
  • Incident detection, response: You’ll lead the charge on security incidents. Whether it’s a compromised NPM package or a suspicious IAM pattern, you’ll help coordinate the response and lead the post-mortem. You’ll also help build our IR runbooks.
  • Build Observability: You’ll build detection pipelines, and close our network-based observability gaps. We want to be able to trace network requests and suspicious activity all the way back to specific code paths.
  • Threat Hunting: You’ll proactively hunt for threats in our AWS environment. You won't just wait for an alert; you'll define what "good" looks like and build the telemetry to prove it.
  • The VDP: You’ll support our Vulnerability Disclosure Program, triaging reports from researchers and eventually transitioning us toward a formal bug bounty program.
  • Enable the Team: You’ll support our product squads with threat modeling and secure design reviews. We don't do "Security says no", we do "Security says 'here is how to do this safely.'"
  • Help build our security culture: Our engineers trust the security team and view security as an enabler. You’ll be a crucial part of helping to continue this excellent (and uncommon) working relationship.

Requirements

  • Cloud Native: You have 3-5+ years of experience in security engineering with a heavy focus on AWS. You know your way around IAM, VPC logs, and CloudTrail like the back of your hand.
  • Detection Specialist: You’ve used CSPM/CNAPP tools (like Wiz or Prisma) and, more importantly, you know how to build detection pipelines that engineers actually trust.
  • Battle-Tested: You’ve led incident response before. You’re calm under pressure and know how to coordinate across teams to contain a threat.
  • High Autonomy: We don’t have a security SOC. You’ll be building this function from scratch, so you need to be comfortable deciding what’s important and executing on it without a manual.
  • Engineering skills: You bring strong engineering experience. Besides digging into code to understand an exploit or a vulnerability, you can write code with the same proficiency as our product engineers.
  • Communication and attitude: As mentioned before, we don't do "Security says no", we do "Security says 'here is how to do this safely.'" This is crucial for us: we need people who want to enable engineers and work with them, not limit them.

Benefits

  • Transparency: Everyone can read about our roadmap, how we pay (or even let go of) people, our strategy, and how we work, in our public company handbook. Internally, we share revenue, notes and slides from board meetings, and fundraising plans, so everyone has the context they need to make good decisions.
  • Autonomy: We don’t tell anyone what to do. Everyone chooses what to work on next based on what's going to have the biggest impact on our customers, and what they find interesting and motivating to work on. Engineers lead product teams and make product decisions. Teams are flexible and easy to change when needed.
  • Shipping fast: Why not now? We want to build a lot of products; we can't do that shipping at a normal pace. We've built the company around small teams – autonomous, highly-efficient groups of cracked engineers who can outship much larger companies because they own their products end-to-end.
  • Time for building: Nothing gets shipped in a meeting. We're a natively remote company. We default to async communication – PRs > Issues > Slack. Tuesdays and Thursdays are meeting-free days, and we prioritize heads down building time over perfect coordination. This will be the most productive job you've ever had.
  • Ambition: We want to solve big problems. We strongly believe that aiming for the best possible upside, and sometimes missing, is better than never trying. We're optimistic about what's possible and our ability to get there.
  • Being weird: Weird means redesigning an already world-class website for the 5th time. It means shipping literally every product that relates to customer data. It means building an objectively unnecessary developer toy with dubious shareholder value. Doing weird stuff is a competitive advantage. And it's fun.