Security Engineer
About the role
We are seeking a Senior Security Engineer to join our Infrastructure Team. This role requires a deep understanding of security as an engineering challenge and the ability to build the necessary tooling and architecture to prevent critical mistakes.
Responsibilities
- Own the Stack: Secure everything from our Kubernetes clusters on the cloud to our SaaS integrations and developer workflows.
- Usher in the Future: Articulate and execute on a vision for what security should be in the age of LLMs giving both us and attackers increasing leverage.
- Engineer for Security: Build internal tooling and CI/CD automations that catch vulnerabilities before they ever hit production.
- Arcitect & Model: Lead threat modeling sessions and secure code reviews, ensuring we design "secure-by-default" APIs and deployments.
- Harden the Perimeter: Take a first-principles approach to hardening authentication and access control across all internal and external surfaces.
- Red Team: Proactively probe for vulnerabilities and lead the remediation.
- Lead the Bug Bounty: You will be the primary owner for standing up, launching, and managing our Bug Bounty Program, triaging reports, and driving remediation.
- Respond & Remediate: Investigate vulnerabilities, lead incident response, orchestrate pen testing, and run blameless postmortems that actually result in systemic change.
- Evangelize: Be the partner, not the blocker. Translate complex security risks into actionable engineering tasks that your peers can get excited about.
Requirements
You must have 6+ years of experience in software/infrastructure engineering with a deep obsession with security. You should be deeply familiar with Google Cloud (GCP), Kubernetes, and containerized environments. You need to be able to analyze a system for weaknesses and respond to real-world incidents and leading remediation efforts.
Qualifications
- Startup Native: Thrive in a fast-paced 100–300 person environment.
- Security-First Engineer: Don't just find holes; write the code to plug them.
- Cloud Savvy: Familiar with Google Cloud Platform (GCP).
- Systems Thinker: Analyze systems for weaknesses.
- Action-Oriented: Respond to real-world incidents and lead remediation efforts.
Skills
- Experience with security tools and technologies.
- Knowledge of security principles and practices.
- Ability to architect and implement secure systems.
- Experience with threat modeling and secure code reviews.
- Strong problem-solving skills.
Benefits
- $4000/yr travel stipend
- $350/mo productivity stipend
- $350/mo AI Tools stipend
- $150/mo team lunch stipend
- $500/one time home office stipend
- Cover up to 100% of your health insurance costs for you and your partner or family
- Equity in the company
Pay
The target salary for this position ranges from $165,000-$200,000.
Schedule
Roboflow is distributed across the US and Europe. We currently have Hubs in New York City and San Francisco (and plan to open more as we grow density in new cities). We provide opportunities to work in person with other team members as much as you'd like, while also supporting remote team members.