You Willβ¦
- π‘οΈ Lead security architecture and design reviews across applications, infrastructure, and integrations to ensure secure patterns are embedded early in the development lifecycle.
- π Conduct and coordinate penetration testing, threat modeling, and security reviews for critical services, new features, and third-party integrations.
- βοΈ Design and implement security automation within CI/CD pipelines to ensure secure coding practices and infrastructure policies are enforced at scale.
- βοΈ Partner with infrastructure and DevOps teams to secure cloud platforms (AWS) and improve identity, network, and workload security.
- π Build security observability and detection capabilities, including security data pipelines, SIEM integrations, and threat intelligence signals.
- π§ Think like an attackerβidentify systemic weaknesses and design controls that protect against entire classes of attacks, not just individual vulnerabilities.
- π§βπ» Work closely with developers to improve security practices through secure architecture guidance, code review support, and developer enablement.
- π¨ Lead incident response investigations and help build processes for identifying, analyzing, and mitigating security incidents.
- π Own and evolve the bug bounty program, including triage, response processes, and improvements to vulnerability management workflows.
- π Develop security standards, playbooks, and training programs that make security practices easier for engineering teams to adopt.
- π Help define the security roadmap, identifying initiatives that improve both risk posture and operational efficiency.
You Haveβ¦
- π Deep understanding of application security, cloud security, and modern threat landscapes, including common vulnerabilities and attack techniques (OWASP Top 10, MITRE ATT&CK, etc.).
- π» Strong software engineering background with experience writing production-grade code or automation (Python, Typescript, or similar).
- βοΈ Hands-on experience securing cloud-native infrastructure, especially AWS, including IAM, networking, and containerized workloads.
- βοΈ Experience building or integrating DevSecOps pipelines, including SAST, DAST, IaC scanning, and container security tooling.
- π Experience designing security telemetry pipelines using tools such as SIEM platforms, observability systems, or data lakes.
- π§ͺ Experience running or participating in penetration testing, threat modeling, or architectural security reviews.
- π€ Proven ability to collaborate effectively with engineering, DevOps, and product teams to drive secure design decisions.
- π’ Excellent communication skills and the ability to clearly explain complex security risks and trade-offs to both technical and non-technical stakeholders.
- π‘ Strong understanding of SaaS architectures, distributed systems, and internet-facing platforms.
- 𧱠Experience developing security frameworks aligned with CIS benchmarks, NIST, or SOC2 / PCI / HIPAA compliance requirements.
- π§ Experience building security detections, threat intelligence pipelines, or runtime protection mechanisms.
- π³ Hands-on experience with Kubernetes, container security, and infrastructure-as-code (Terraform, Ansible).
Benefits:
- π€ Competitive Compensation: Competitive salary and equity packages for all employees
- π₯ Healthcare Plan: Platinum medical, dental, and vision
- π‘οΈ Free life insurance: Including long-term disability & short-term disability
- π Unlimited PTO: Uncapped vacation days & paid holidays
- πΆ Family Leave: Maternity & paternity
- π 401(k) Contribution: Assured contributes 3% of your income, even if you don't contribute
- π WFH Benefits: Lunch on us 2x/week, monthly phone stipend & other home office perks
- πͺ Health FSAs & HSAs: Pre-tax accounts for out-of-pocket medical expenses
- π€ Team events & Offsites: We're remote, but we regularly get together