Staff Security Engineer

Job Summary

Required Qualifications

• 7+ years of experience in security engineering, application security, cloud security, or related technical security disciplines
• Strong hands-on expertise across multiple security domains including Application Security, Cloud Security, Detection & Response, and Infrastructure Security
• Experience conducting vulnerability assessments and penetration testing across web, API, and mobile applications
• Deep knowledge of security testing technologies including SAST, DAST, SCA, and CI/CD security tooling
• Strong experience securing cloud environments (AWS preferred)
• Experience with EDR, DLP, SIEM, and threat detection technologies, including platforms such as CrowdStrike
• Deep understanding of threat modeling, secure architecture design, and modern attack techniques
• Experience leading architecture reviews and influencing engineering decisions at scale
• Strong programming or scripting skills using Python, Go, or similar languages
• Excellent communication skills with the ability to communicate technical risks to both engineering teams and senior leadership
• Proven ability to lead complex security initiatives and influence cross-functional stakeholders
• Experience in e-commerce, retail technology, or large-scale consumer platforms (preferred)
• Background in red teaming, adversary emulation, or offensive security operations (preferred)
• Experience with Infrastructure-as-Code and policy-as-code technologies such as Terraform and OPA (preferred)
• Familiarity with enterprise security platforms including Google Workspace, Okta, and DLP solutions (preferred)
• Experience building internal security tooling and automation frameworks (preferred)
• Security certifications such as OSCP, OSWE, CISSP, CCSP, or equivalent practical experience (preferred)
• Experience operating in high-growth, cloud-native engineering organizations (preferred)