Sift

Founding Security Engineer

Sift

full-time

Posted on:

Origin:  • 🇺🇸 United States • California

Visit company website
AI Apply
Manual Apply

Salary

💰 $170,000 - $220,000 per year

Job Level

Mid-LevelSenior

Tech Stack

AWSCloudCyber SecurityGrafanaKubernetesPrometheusSplunk

About the role

  • About Sift: platform providing engineers real-time observability over high-frequency telemetry for mission-critical systems.
  • Founding Security Engineer will define posture, architecture, and practices to keep products and infrastructure secure in demanding environments.
  • Own Sift’s security posture end-to-end with primary focus on technical security engineering, building controls, and automating compliance.
  • Work directly with customers, auditors, and internal teams; support third-party/vendor security assessments and readiness for audits.
  • Technical responsibilities: build secure CI/CD pipelines with embedded scanning; operate and tune SIEM/EDR; secure multi-cloud (AWS GovCloud), Kubernetes, and on-prem environments; implement zero-trust networking and SASE/ZTNA; improve visibility and observability.
  • Compliance responsibilities: partner with external compliance firms to align with SOC 2, ISO 27001, NIST 800-171, FedRAMP, and CMMC; support audits and provide technical evidence; deliver company-wide security awareness training.

Requirements

  • 5+ years in cybersecurity, product security, or cloud security roles, ideally in high assurance or regulated industries.
  • Hands-on experience securing AWS or an equivalent cloud service provider (GovCloud preferred) and Kubernetes-based environments, with strong infrastructure as code practices.
  • Familiarity with compliance frameworks and experience partnering with compliance specialists to implement technical controls (SOC 2, ISO 27001, NIST 800-171, FedRAMP, CMMC).
  • Deep understanding of network, endpoint, and identity security principles.
  • Experience with security tooling and integration into operational workflows (SIEM/EDR, ELK, Datadog, Splunk, CrowdStrike, Prometheus, Grafana).
  • Ability to translate abstract security and regulatory requirements into clear, actionable engineering work.
  • Experience handling customer-facing security reviews and responding to technical security inquiries.
  • Clear communicator with both technical and non-technical stakeholders; customer-facing presence for audits and enterprise assurance.
  • Collaborative partner to infra and product teams; high ownership, adaptability, integrity, and discretion.
  • Comfortable operating as a team of one initially with vision to build and lead a security function over time.