Jobs · Information Technology · Colorado

Security Engineer

Ibotta · Denver, CO · 3 wk ago
HybridInformation Technology$115k–$130k/yrFull-time

About the role

Ibotta is seeking a Security Engineer with a deep expertise in Application Security, Vulnerability Management, and Cloud Infrastructure to join our innovative team and contribute to our mission to Make Every Purchase Rewarding.

Responsibilities

  • Perform application security assessments, including manual code reviews and penetration testing.
  • Mature Ibotta’s bug bounty program to scale with AI generated submissions and attack surface.
  • Analyze Ibotta's application architecture to identify weaknesses and develop opportunities for improvement.
  • Integrate and manage SAST, DAST, and SCA tools within the CI/CD pipeline.
  • Lead threat modeling for new application features with key stakeholders across mobile, platform, infrastructure and AI enablement.
  • Develop and maintain secure coding practices, provide training to developers.
  • Work with Ibotta’s engineering team to design, implement, and monitor runtime and container security controls across cloud platforms (AWS/GCP).
  • Automate infrastructure security checks using Infrastructure as Code (IaC) scanning tools.
  • Evaluate the security of AI-generated code and implement guardrails for model-serving endpoints in the development process.
  • Stay ahead of the curve on AI-specific threats such as prompt injection, data poisoning, and model inversion.
  • Participate in a 24/7 on-call rotation and incident response.

Requirements

  • 4+ years in security engineering, application development, or application security.
  • Proficiency in languages like Python, Go, or Java; experience with Docker/Kubernetes.
  • Basic knowledge of networking security is a plus.
  • Strong knowledge of AWS security services and IaC (Terraform).
  • Experience writing secure IAM policies and other configurations in Terraform a plus.
  • Understanding of Continuous Integrations/Testing/Delivery.
  • Strong understanding of Web API security patterns and modern authentication protocols.
  • Familiarity with OWASP Top 10 and implementing technical controls to address vulnerabilities.
  • Working knowledge of web application testing tools.
  • One or some combination of the following are a plus but not required: CompTIA SecAI+, eCPPT, eWPT, GWAPT, OSCP, or similar.

Qualifications

  • Must have the ability to work effectively across the organization/collaborate effectively with both technical and non-technical team members, possess excellent oral & written communications skills, and demonstrate effective problem-solving skills.
  • Experience building custom security tooling or automation scripts.

What We Are Looking For

  • 4+ years in security engineering, application development, or application security.
  • Proficiency in languages like Python, Go, or Java; experience with Docker/Kubernetes.
  • Basic knowledge of networking security is a plus.
  • Strong knowledge of AWS security services and IaC (Terraform).
  • Experience writing secure IAM policies and other configurations in Terraform a plus.
  • Understanding of Continuous Integrations/Testing/Delivery.
  • Strong understanding of Web API security patterns and modern authentication protocols.
  • Familiarity with OWASP Top 10 and implementing technical controls to address vulnerabilities.
  • Working knowledge of web application testing tools.
  • One or some combination of the following are a plus but not required: CompTIA SecAI+, eCPPT, eWPT, GWAPT, OSCP, or similar.
  • Must have the ability to work effectively across the organization/collaborate effectively with both technical and non-technical team members, possess excellent oral & written communications skills, and demonstrate effective problem-solving skills.
  • Experience building custom security tooling or automation scripts.

Pay

Base compensation range: $115,000 - $130,000. Equity is included in overall compensation package.

Schedule

This position is located in Denver, CO and includes competitive pay, flexible time off, benefits package (including medical, dental, vision), Employee Stock Purchase Program, and 401k match. Denver office perks include paid parking, snacks, and occasional meals.

Similar jobs

Security Engineer

Sonata Software North America Inc.Irving, TX· 3 wk ago
Information Technologyapply on sonataone.darwinbox.in

Security Engineer

United States Cold Storage, Inc.Camden, NJ· 1 wk ago
Information Technology$100k–$120k/yrapply on recruiting.ultipro.com

Security Engineer

HeyGenSan Francisco, CA· 1 wk ago
Information Technologyapply on grnh.se

Security Engineer

Menlo ResearchSan Francisco, CA· 3 wk ago
Information Technologyapply on menlo.ai

Security Engineer

Cogent PeopleColumbia, MD· 1 mo ago
Information Technologyapply on recruiting.paylocity.com

Security Engineer

EABRichmond, VA· 3 wk ago
Engineering$74k–$93k/yrapply on recruit.hirebridge.com