Staff Security Engineer
Hybrid · San Francisco, California, United States
Job Summary
Staff Security Engineer responsible for end-to-end authentication and authorization architecture for Collective's member platform, leading threat modeling and security reviews, designing and maintaining SAST/DAST within CI/CD, ensuring CCPA/GDPR compliance, and shaping security for AI-enabled workflows. The role embeds security into the development lifecycle, partners with Legal and Engineering, leads post-incident reviews, evaluates third-party security tooling, and drives security standards without slowing delivery. Based in San Francisco with a hybrid in-office/remote schedule, offering exposure to fintech data security and a broad product-security scope across production platforms.
Required Qualifications
- 8+ years of security engineering experience
- Strong expertise in authentication and authorization systems (OAuth 2.0, OIDC, SAML, JWT)
- Hands-on experience with SAST/DAST and CI/CD integration
- CCPA and GDPR awareness for SaaS handling financial data
- Ability to write RFCs and lead design reviews
- Ability to collaborate with Legal and Privacy teams
- Ability to operate as a senior IC
- Focus on security in the development lifecycle and incident response