Role Description As a Security Engineer you will identify and drive impactful projects to improve the security of Figma’s product, platform, and IT systems. We are hiring for multiple teams within Security Engineering: AI Security, Platform Security, Product Security, and Anti-Abuse. You will partner closely with teams across the company and focus on systemic security improvements and risk reduction. You will also participate in operational security responsibilities like security reviews, consulting, vulnerability triage, and security incident response. Examples of what you may work on across teams: - AI Security - Perform technical security assessments, code audits, and design reviews for new AI infrastructure, platforms, and products. - Design and develop technical solutions to secure AI models, tooling, debugging workflows, and data pipelines. - Advocate for secure practices across Figma’s AI infrastructure, platforms, and data systems. - Build the next generation of internal AI-powered access insights and security tooling. - Help run penetration testing and offensive security exercises against Figma’s AI infrastructure, platforms, and products. - Platform Security - Perform technical security assessments, code audits, and design reviews for changes to Figma’s cloud and corporate infrastructure. - Design and develop solutions to prevent or mitigate cloud and corporate security risks. - Advocate for secure practices within Figma’s cloud and corporate infrastructure. - Build platforms and tooling to detect and respond to infrastructure and corporate security threats. - Product Security - Perform technical security assessments, code audits, and design reviews for new product features. - Design and develop solutions to prevent or mitigate product security vulnerabilities. - Advocate for secure development practices across Figma’s products and services. - Help run penetration testing, offensive security exercises, and support our bug bounty program. - Help respond to product security incidents. - Anti-Abuse - Design and build technical systems to prevent spam, fraud, and abuse. - Partner closely with product teams to identify and address potential abuse vectors. - Develop new signals and improve the use of existing signals to detect abusive behavior. - Help respond to spam, fraud, and abuse incidents. This is a full-time role that can be held from one of our US hubs or remotely in the United States. Qualifications - 5+ years of proven engineering experience working in either a Security Engineering or a Software Engineering role. In the case of the latter, some security experience is preferred. - Strong security judgment in threat modeling and risk prioritization and/or strong technical judgment in designing and building maintainable, scalable systems. - Proficiency in at least one general-purpose coding language. - Strong communication and interpersonal skills, with demonstrated experience collaborating across functions. Requirements - While not required, it’s an added plus if you also have subject matter expertise in Application Security, Cloud Security, Corporate Security, Data Access Governance, and/or IAM (Identity and Access Management). - Demonstrated ability to make hard prioritization decisions in security controls. Benefits - Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement. - Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. - Annual Base Salary Range: $149,000 — $350,000 USD

• Own product security reviews end-to-end: threat modeling, security architecture review, and design consultation for new features and services • Lead security design reviews for Flex's payment processing, account management, and partner integration platforms • Drive the secure development lifecycle (SDLC) across engineering teams — shifting security left through tooling, process, and education • Perform application security assessments, code review, and penetration testing for critical product surfaces • Respond to and investigate complex security incidents; lead post-incident analysis and remediation • Build security automation and tooling to scale product security reviews (AI-assisted review tools, SAST/DAST pipeline integration) • Translate complex security concepts for cross-functional stakeholders and drive security adoption across product and engineering • Contribute to security standards, frameworks, and architectural patterns that guide organization-wide practices

• Teaching Assistants (TAs) play a critical role in teaching ~25-30 learners (as part of a larger class) in Correlation One’s virtual Information Security training program. • TAs will be expected to support synchronous sessions as well as provide asynchronous support to Fellows to ensure their comprehension and learning. • Live Session Coverage: Provide live session coverage on a rotational basis. TAs will be placed in a trio of 3 TAs who will rotate, with each TA providing live coverage for approximately 19 sessions throughout the program. • Lab Session Hours: Attend all live lab sessions. During these labs, 1-2 TAs will lead while all other TAs support. • Administrative Work: Dedicate 2 paid hours per week for administrative work. This includes one 30-minute weekly team meeting and 1.5 hours for asynchronous support, such as answering learner messages on Slack, grading, and other admin tasks. • Learner Experience: Work with fellow TAs and Lead Instructors on ways to improve the learner experience and ensure the progress and satisfaction of your Fellows.

Building a career at Granite may be the most valuable thing you could do... Find your dream job today, and be part of something great. Our most powerful partnership is the one we have with our employees. Our people are our most valued asset and the foundation of Granite’s century-old success. We’re building more than infrastructure; we are building your future. General Summary This position is responsible for supporting the company’s cybersecurity program identifying cybersecurity risks within the enterprise and developing initiatives to mitigate and/or eliminate those risks. This position is a fully remote role. Essential Job Accountabilities - Supports all aspects of Data Governance efforts to ensure the quality and security of the data used across the organization. - Assists with security-related triage, such as Incidents and Exceptions, to ensure timely diagnosis and resolution of possible network events. - Handles Incident escalations from the team to ensure management is made aware of possible security breaches. - Participates in Sprint planning for new implementations to ensure everyone in the organization is aware of development schedules and priorities and to ensure the Development team is focused on the appropriate deadlines. - Creates User Stories for new technology implementation and prescribes Test Cases to ensure successful implementations within the organization. - Monitors tools with security policies and procedures, ensures enforcement sanctions, and documentation to drive end-user compliance. - Authors security policies, standards, procedures, and runbooks to ensure optimal security safety and compliance. - Resolves security issues by working with other Infrastructure staff and users to minimize security interruptions and secure the Company’s IT infrastructure. Education - Bachelor’s degree in Computer Science, Information Technology, or related field of study required - Certification in a cybersecurity or information security discipline, such as CISSP, CEH or CISM preferred Work Experience - 7+ years of Information Technology security experience, preferably in a medium to large organization Knowledge, Skills, & Abilities - Proficient in IT Security tools such as vulnerability management, endpoint detection and response, SIEM/SOC, Email Secure Gateway, Web filtering an SSL description and Next-Gen firewalls. - Must have working knowledge of IT networking, Windows, and VMWare systems and related security requirements. - Must possess the ability to be proactive and identify, define, and analyze complex data security issues and to recommend and implement solutions. - Exhibit high degree of initiative and independent judgment with demonstrated troubleshooting, follow-through, and critical-thinking skills. - Ability to manage multiple projects simultaneously in a fast-paced, detail-oriented, and consistently changing work environment with the ability to make decisions based on research results. - Advanced analytical and technical skills requiring an aptitude for detail, precision, and logic with comprehensive knowledge of Cybersecurity administration. - Excellent interpersonal, verbal, and written communication skills with the ability to communicate with courtesy and diplomacy. - Ability to efficiently follow written and verbal instructions. - Excellent organizational skills including record keeping, data collection, and system information. - Conduct detailed analysis of security events and evidence, compile and analyze data, and to furnish information in report format, written correspondence, email, or verbally. Physical Demands The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to talk and hear. The employee frequently is required to stand, walk, sit, and use hands to operate a computer keyboard. The employee is occasionally required to reach with hands and arms. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, and ability to adjust focus. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Additional Requirements/Skills - Comply, understand, and support corporate safety initiatives to ensure a safe work environment - Ability and willingness to abide by the Company’s Code of Conduct daily - Travel up to 10% Our Benefits at a Glance: Building tomorrow starts with you, and Granite knows that you can excel only if we support you in and out of the workplace. That is why we offer a broad benefits package that includes paid holidays, sick leave, medical, dental, vision, life insurance, disability insurance, flexible spending plans, as well as special programs for musculoskeletal health, mental wellness, and more. Salaried employees may choose from two PPO medical plans through Anthem BlueCross, including our most popular plan, for which 100% of the premium is paid by Granite for eligible employees and dependents. Employees can also opt into a Health Savings Account (HSA) or a Flexible Spending Account (FSA). As part of our investment in your future outside of the workplace, Granite provides a 100% match on the first 6% of eligible compensation that salaried employees defer into their 401(k) plans, which vests immediately. Benefits may vary for positions located outside of the continental United States. Base Salary Range: $110,159.00 - $211,418.00Pay may vary based upon relevant experience, skills, location, and education among other factors. ​ About Granite Construction Incorporated Granite Construction Incorporated is a member of the S&P 400 Index and is the parent company of Granite Construction Company, one of the nation's largest heavy civil contractors and construction materials producers. Granite is a Drug-Free Workplace and Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, protected veteran status, or any other protected characteristic. We consider qualified applicants with arrest and conviction records in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles Fair Chance Initiative for Hiring Ordinance, and other applicable laws. For additional information on applicant/employee rights please click here. Notice to Staffing Agencies Granite Construction, Inc. and its subsidiaries ("Granite") will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to Granite, including unsolicited resumes sent to a Granite mailing address, fax machine or email address, directly to Granite employees, or to Granite's resume database will be considered Granite property. Granite will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume. Granite will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. Agencies must obtain advance written approval from Granite's recruiting function to submit resumes, and then only in conjunction with a valid fully-executed contract for service and in response to a specific job opening. Granite will not pay a fee to any Agency that does not have such agreement in place. Agency agreements will only be valid if in writing and signed by Granite's Human Resources Representative or his/ her designee. No other Granite employee is authorized to bind Granite to any agreement regarding the placement of candidates by Agencies.