Security Engineer
StackAI · New York, NY · 11 mo ago
HybridInformation TechnologyFull-time
Responsibilities
- Design and Implement Security Frameworks
- Drive the creation and execution of security measures across both infrastructure and application layers (Render.com, Vercel, GCP, Azure, Kubernetes), ensuring StackAI remains secure as we scale rapidly.
- Shape the Security Vision
- Define and roll out a comprehensive security strategy, embedding best practices across engineering and product teams to safeguard data and systems.
- Build and Lead the Security Organization
- Recruit, mentor, and manage a high-performing security team while fostering a culture of technical excellence and proactive defense.
- Integrate Security into Development
- Partner with engineering teams to embed security into CI/CD pipelines and the entire software development lifecycle, making security a core part of how we build.
- Manage External Security Partnerships
- Oversee relationships with penetration testing firms, compliance auditors, and security vendors to strengthen our defenses and maintain trust.
- Support Customer and Partner Trust
- Work closely with customer-facing teams to clearly communicate StackAI’s security posture, compliance commitments, and incident response readiness.
- Harden Third-Party Dependencies
- Evaluate and continually improve the security of external tools, APIs, and integrations critical to our platform.
- Lead Incident Response
- Own the security incident response process, coordinating resolution efforts across teams and implementing long-term preventive measures.
- Ensure Compliance and Audit Readiness
- Collaborate with operations and legal teams to prepare for audits (e.g., SOC 2, ISO 27001) and uphold top-tier standards for regulatory and vendor security.
Qualifications
- Proven Security Expertise
- 4+ years of hands-on experience in security engineering with success across both infrastructure and application layers.
- Prior leadership experience in scaling tech companies or startups, ideally in roles that bridged strategy and execution.
- Clear and Confident Communication
- Able to translate complex security concepts into clear language for both technical and non-technical audiences.
- Strong Risk and Threat Management Skills
- Deep background in risk assessment, threat modeling, and vulnerability management.
- Cloud and Infrastructure Mastery
- Practical experience with GCP, Azure, or AWS, combined with a strong understanding of infrastructure and API-level security.
- Secure Development Knowledge
- Familiarity with secure coding practices, especially in JavaScript/TypeScript, Go, and Node.js.
- DevSecOps and Automation Experience
- With modern security tooling and automating testing across build and deployment pipelines.