Lead Security Engineer
Role Overview
As our first dedicated Security hire, you will play a pivotal role in defining and executing our security strategy while remaining hands-on across the entire technology stack. This position encompasses application security, infrastructure security, IT/Network security, and data governance. You will design and implement robust security architecture, collaborate with engineering teams, proactively identify and mitigate risks, and lead incident response efforts. Your mission is to integrate security seamlessly into our systems from inception, ensuring a secure and scalable foundation for the organization.
Key Responsibilities
Security Strategy & Architecture
- Define and implement security best practices across infrastructure, applications, and IT systems.
- Embed "shift-left" security principles within the software development lifecycle and CI/CD pipelines.
- Implement and manage security tooling, including Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST).
Application & Infrastructure Security
- Secure cloud environments (GCP preferred), including networking, IAM, encryption, and data storage.
- Conduct comprehensive risk assessments, vulnerability scans, penetration tests, and security reviews.
- Lead incident response processes, ensuring effective detection, containment, and remediation of security threats.
IT & Corporate Security
- Manage identity and access controls, including SSO, IAM, VPNs, and endpoint security policies.
- Secure SaaS platforms and configurations (Google Workspace, collaboration tools, etc.).
- Oversee device security, ensuring adherence to endpoint protection and management policies.
Collaboration & Leadership
- Work closely with engineering teams to embed security in the design and development of new products and features.
- Foster a strong security culture across the organization, providing guidance and training on best practices.
- Own security assessments, compliance reporting, and policy enforcement to ensure regulatory and industry standards are met.
Qualifications & Experience
Technical Expertise
- Deep expertise in application security, cloud security (GCP preferred), and infrastructure security.
- Strong knowledge of IAM, encryption methodologies, secure storage, and network security principles.
- Hands-on experience with security automation and tools such as SCA, SAST, DAST, and CI/CD security integrations.
IT & Corporate Security
- Experience managing SSO, VPNs, endpoint security, and securing SaaS-based environments.
- Strong understanding of corporate IT security best practices, device management, and access control.
Communication & Leadership
- Ability to effectively communicate security risks and strategies to technical and non-technical stakeholders.
- Proven ability to lead security initiatives, influence teams, and drive a security-first mindset within an organization.
This is an exciting opportunity for a security expert looking to take ownership of an organization's security posture from the ground up. If you're passionate about building secure systems and fostering a culture of security, we'd love to hear from you!