Software Engineer, Security
About the role
Build the Foundations of Trust. Design and ship systems that make Sierra’s platform secure by default — spanning privacy, identity, authentication, authorization, and data security. You’ll work across backend services, APIs, and infrastructure layers to embed security-conscious design into the core of our product.
Own Cross-Cutting Systems. Partner with product and platform teams to implement and evolve Sierra’s trust primitives: identity management, access control, auditability, and data lifecycle management. You’ll make pragmatic design trade-offs between usability, performance, and security.
Secure Agentic AI Systems. Build controls that ensure AI agents can't leak customer data, execute unauthorized actions, or be manipulated into unintended behavior. Design runtime policy enforcement for tool use, implement safe agent sandboxing, and create boundaries that protect data while keeping agents powerful and useful.
Automate and Scale Security-Adjacent Workflows. Create developer-friendly tooling to reduce risk and friction — whether through automating security checks in CI/CD, enforcing privacy boundaries through schema validation, or instrumenting runtime monitoring for sensitive events.
Responsibilities
- Build the Foundations of Trust
- Own Cross-Cutting Systems
- Secure Agentic AI Systems
- Automate and Scale Security-Adjacent Workflows
Requirements
Strong Software Engineering Skills. Experience building and maintaining production systems in Python, Go, or TypeScript. You’re comfortable designing APIs, integrating with authentication or identity frameworks, and shipping high-quality code in a fast-paced environment.
Security Mindset. You may not be a dedicated security engineer, but you think like one — considering how data flows, where it’s stored, who can access it, and how to design for least privilege and transparency.
Product and Platform Mindset. You care about building secure systems that enable, not block, innovation. You work closely with product teams to make trade-offs clear and help them move quickly without sacrificing trust.
Curiosity and Ownership. You’re the kind of engineer who goes deep — tracing how a token propagates through the stack, or how an LLM might interact with internal APIs — because you want to understand and strengthen the system. Even better if…
- You’ve worked on privacy, identity, trust & safety, auth/authz, or data protection systems.
- You’ve built security frameworks, libraries, or tooling that developers actually use or integrated security automation into CI/CD pipelines.
- You have exposure to AI systems or care about designing secure-by-default LLM applications.
- You think like an attacker — you naturally ask "what could go wrong?" when reviewing designs or while building systems.
- You've found or fixed real security issues in production systems.
- You thrive in 0→1 environments, where foundational systems have to balance speed, reliability, and trust.
Qualifications
Strong Software Engineering Skills. Experience building and maintaining production systems in Python, Go, or TypeScript. You’re comfortable designing APIs, integrating with authentication or identity frameworks, and shipping high-quality code in a fast-paced environment.
Security Mindset. You may not be a dedicated security engineer, but you think like one — considering how data flows, where it’s stored, who can access it, and how to design for least privilege and transparency.
Product and Platform Mindset. You care about building secure systems that enable, not block, innovation. You work closely with product teams to make trade-offs clear and help them move quickly without sacrificing trust.
Curiosity and Ownership. You’re the kind of engineer who goes deep — tracing how a token propagates through the stack, or how an LLM might interact with internal APIs — because you want to understand and strengthen the system. Even better if…
- You’ve worked on privacy, identity, trust & safety, auth/authz, or data protection systems.
- You’ve built security frameworks, libraries, or tooling that developers actually use or integrated security automation into CI/CD pipelines.
- You have exposure to AI systems or care about designing secure-by-default LLM applications.
- You think like an attacker — you naturally ask "what could go wrong?" when reviewing designs or while building systems.
- You've found or fixed real security issues in production systems.
- You thrive in 0→1 environments, where foundational systems have to balance speed, reliability, and trust.
Skills
Strong Software Engineering Skills. Experience building and maintaining production systems in Python, Go, or TypeScript. You’re comfortable designing APIs, integrating with authentication or identity frameworks, and shipping high-quality code in a fast-paced environment.
Security Mindset. You may not be a dedicated security engineer, but you think like one — considering how data flows, where it’s stored, who can access it, and how to design for least privilege and transparency.
Product and Platform Mindset. You care about building secure systems that enable, not block, innovation. You work closely with product teams to make trade-offs clear and help them move quickly without sacrificing trust.
Curiosity and Ownership. You’re the kind of engineer who goes deep — tracing how a token propagates through the stack, or how an LLM might interact with internal APIs — because you want to understand and strengthen the system. Even better if…
- You’ve worked on privacy, identity, trust & safety, auth/authz, or data protection systems.
- You’ve built security frameworks, libraries, or tooling that developers actually use or integrated security automation into CI/CD pipelines.
- You have exposure to AI systems or care about designing secure-by-default LLM applications.
- You think like an attacker — you naturally ask "what could go wrong?" when reviewing designs or while building systems.
- You've found or fixed real security issues in production systems.
- You thrive in 0→1 environments, where foundational systems have to balance speed, reliability, and trust.
Benefits
We want our benefits to reflect our values and offer the following to full-time employees:
- Flexible (unlimited) paid time off
- Medical, dental, and vision benefits for you and your family
- Life insurance and disability benefits
- Retail plan dependent on country of employment
- Parental leave
- Fertility and family building benefits through Carrot
- Lunch, as well as delicious snacks and coffee to keep you energized
- Discretionary benefit stipend giving people the ability to spend where it matters most
- Free alphorn lessons
Pay
Commensurate with experience.
Schedule
Varies.