Staff Security Operations Engineer
Remote (United States)
About the Role
A Staff Security Operations Engineer is needed to help protect modern software products, APIs, infrastructure, and cloud-native environments. This role is ideal for a senior security engineer who can think like an attacker, work like a builder, identify security flaws before they reach production, and create tooling that helps prevent similar issues at scale.
This position combines application security, security operations, cloud security, detection and response, secure development practices, and security automation. The role partners closely with engineering teams to improve secure development, strengthen detection and response capabilities, and reduce systemic security risk across products and infrastructure.
Employment Type: Full Time
Compensation
Annual Salary: $230,000 – $255,000 per year
Compensation is based on skills, experience, interview performance, and the overall hiring assessment. In addition to base salary, this role may include equity and benefits.
What You’ll Do
- Partner with engineering teams to conduct threat modeling and security reviews for new features and architecture changes.
- Establish, improve, and scale the application security program.
- Implement and evolve SAST, DAST, dependency scanning, and secure coding standards.
- Drive security requirements into the software development lifecycle.
- Embed security gates into CI/CD pipelines.
- Identify and remediate vulnerabilities in products and APIs.
- Focus on reducing systemic security risk instead of relying only on one-off fixes.
- Act as a security advisor for product teams building customer-facing features.
- Review and guide security decisions involving authentication, authorization, and data handling.
- Advance detection and response strategy in partnership with engineering and IT leadership.
- Implement and maintain adherence to SOC 2 and other cloud security frameworks.
- Handle security-related escalations from Sales and Customer Success teams.
- Build and tune monitoring, logging, and alerting systems to improve visibility and reduce noise.
- Automate Security Operations workflows to accelerate investigations and response.
- Guide secure adoption of AI across internal engineering use cases and AI-powered product features.
- Participate in a lightweight and reasonable on-call rotation.
Qualifications
- 6+ years of experience in security engineering across both application security and security operations.
- Strong foundation in application security, including threat modeling, SAST, DAST, dependency management, and secure SDLC practices.
- Deep expertise with detection and response in cloud-native environments.
- Experience building and automating security tooling using scripting or programming languages, SIEM, SOAR, or AppSec tools.
- Proven ability to partner with engineering teams to improve security posture while minimizing impact on delivery timelines.
- Track record of influencing security culture across an engineering organization.
- Strong knowledge of SOC 2, ISO 27001, or similar security frameworks.
- Proven ability to lead or coordinate incident response across multiple teams.
- Track record of influencing operational security culture and practices without direct authority.
Ideal Candidate Profile
- Experienced in application security, including OWASP, threat modeling, secure code review, and API security patterns.
- Comfortable contributing to code or reviewing code.
- Able to work with developers in a way that improves security culture rather than just filing findings.
- Experienced with developer-facing security tooling or guardrails that engineering teams actually use.
- Skilled in cloud security controls across AWS and GCP.
- Strong understanding of application-layer security and the full stack from infrastructure to APIs and application logic.
- Comfortable embedding operational security practices directly into engineering workflows.
- Strong communicator who can explain threats, risks, and mitigations to both technical and non-technical audiences.
- Interested in the intersection of AI and security, including safe AI adoption and AI risk management.
- Motivated by outcomes, resilient systems, and reducing risk at scale.
Nice to Have
- Experience working with AI security in detection, incident response, or product security contexts.
- Experience supporting enterprise customer audits or due diligence processes.
- Familiarity with Terraform, Kubernetes, or other modern infrastructure stacks.
- Hands-on experience with threat hunting and detection engineering.
- Experience securing GraphQL APIs, federation, or API gateway patterns.
- Familiarity with software supply chain security, including SBOM, Sigstore, and dependency auditing.
- Experience with security champions programs or developer security education.
Benefits
- Equity may be included as part of the total compensation package.
- Medical benefits are available for U.S.-based employees.
- U.S. employees may have access to multiple Anthem Blue Cross medical plan options.
- California residents may have access to additional Kaiser medical plan options.
- Dental and vision benefits may be provided through Sun Life Financial.
- Variable compensation may apply for eligible roles.
Additional Information
- This is a remote position aligned with U.S. time zones.
- Employment eligibility verification may be required for U.S.-based employees.
- California residents may have access to additional privacy-related application information.
- This opportunity is open to qualified applicants without regard to protected status.