Senior/Staff Security Engineer
EvenUp · San Francisco, CA · 3 wk ago
HybridInformation Technology$180k–$260k/yrFull-time
What You'll Do
- Build Secure Products: Partner with Engineering to embed security throughout the SDLC through threat modeling, secure design reviews, vulnerability management, penetration testing, and practical security guidance.
- Strengthen Our AI Platform: Help design and implement security controls for AI-powered products and internal AI tooling.
- Evaluate Emerging Threats: Develop practical approaches to securing LLM applications and address emerging threats.
- Improve Cloud & Infrastructure Security: Secure our cloud environment, identity systems, endpoints, and production infrastructure while continuously improving our overall security posture.
- Automate Security: Build tools, workflows, and automations that help engineering teams identify, prioritize, and remediate security issues more efficiently.
- Respond to Security Events: Help lead incident response, improve detection capabilities, investigate security events, and continuously strengthen our monitoring and response processes.
- Raise the Security Bar: Partner with engineers across the company to promote secure development practices, improve documentation where needed, and build security into how we work every day.
What We Look For
- 5+ years building or scaling security at a startup or high-growth technology company.
- Strong application security experience, including secure SDLC, SAST/DAST, CI/CD security, and vulnerability management.
- Experience securing modern cloud environments and infrastructure.
- Strong programming or automation skills (Python preferred).
- Experience partnering directly with software engineers to solve security problems.
- Familiarity with AI security concepts such as prompt injection, model abuse, adversarial testing, or LLM security is a strong plus.
- Knowledge of modern security tooling across cloud, endpoint, identity, and application security.
- A builder mentality- you enjoy solving technical problems, automating repetitive work, and improving systems over time.
- Relevant security certifications (CISSP, GIAC, CISM, etc.) are a plus, but practical engineering experience matters more.