
Lead Security Engineer
Swiftly, Inc.
full-time
Location Type: Remote
Location: Remote • California • 🇺🇸 United States
Salary
💰 $140,000 - $200,000 per year
Job Level
Senior
Tech Stack
AWS, Cloud, IoT, Terraform
About the role
- Own Swiftly's security risk register and threat models; identify, prioritize, and drive remediation of risks across application and infrastructure.
- Design secure architectures for our SaaS platform, mobile applications, and IoT/hardware integration, focusing on authentication, authorization, data protection, and network boundaries.
- Recommend, implement, and manage security tools end-to-end.
- Build DevSecOps guardrails into CI/CD so vulnerabilities, misconfigurations, and license issues surface early.
- Conduct internal security assessments and coordinate engagements with external penetration testers.
- Own security policies and standards; ensure they're practical, adopted, and measurable.
- Define standards for secure adoption of AI coding assistants, building reusable patterns, custom configurations, and guardrails that help developers move fast safely.
- Lead renewals and continuous readiness for existing certifications like SOC 2.
- Proactively identify security frameworks required for international expansion; scope cost, level of effort, and timelines to inform market entry decisions; and lead execution of new certifications.
- Respond to customer security and compliance inquiries and support product marketing with security content.
- Design and maintain security incident response plans, playbooks, and escalation paths.
- Serve as an escalation point for security incidents; lead triage, root cause analysis, and remediation.
- Define and maintain security KPIs and dashboards for executive and board reporting.
- Give teams visibility into their security posture and coach them to improve.
- Influence roadmap prioritization to ensure security and compliance are first-class concerns.
- Mentor engineers in secure design and help grow a security-aware culture across Swiftly by delivering security training and office hours for developers and other stakeholders.
- Drive corporate IT security strategy, including endpoint hardening, email security, IAM standards, and periodic access reviews.
Requirements
- 5+ years of experience in security engineering with both strategic and hands-on work
- Strong experience securing cloud-native environments (AWS preferred), including IAM, networking, logging/monitoring, and secrets management
- Hands-on experience with infrastructure-as-code (Terraform) and policy-as-code frameworks (OPA, Sentinel, or similar)
- Background building security into CI/CD pipelines and development workflows
- Familiarity with container and orchestration security
- Excellent threat modeling and risk assessment skills; able to translate complex risks into clear options and tradeoffs
- Experience with compliance frameworks (SOC 2 preferred) and audit processes
- Strong communication skills; comfortable working across technical and non-technical teams
- Self-directed and comfortable operating with autonomy.
Benefits
- Competitive salary
- Equity compensation (company ownership) for every employee
- Medical, Dental and Vision
- Retirement with Employer Match
- Flexible Spending Account (FSA)
- Home office setup reimbursement
- Monthly cell/internet reimbursement
- Monthly "Be Well" stipend
- Flexible PTO with a recommended minimum
- Flexible work environment
- 16 paid holidays - including months without US national holidays
- 8 fully paid weeks of leave for childbirth/adoption
Applicant Tracking System Keywords
Hard skills
security engineering, cloud-native security, IAM, networking, logging, monitoring, secrets management, infrastructure-as-code, Terraform, policy-as-code
Soft skills
communication, self-directed, autonomy, threat modeling, risk assessment, mentoring, coaching, influencing, collaboration, leadership
Certifications
SOC 2