• Analyze Censys telemetry and derived datasets to identify signals that improve AI/ML model training for classification that affects security outcomes • Build and improve training and evaluation datasets using Internet telemetry, manually curated labels, and analyst-reviewed data • Drive feature discovery, feature selection, and labelling strategies for models that classify entities as benign, suspicious, or malicious • Work on multi-layer labeling and classification problems, where categories such as device type, router, honeypot, or edge service may need to be identified before risk classification • Partner with Research / Detection teams to translate security domain expertise into actionable workflows • Collaborate with ML engineers and software engineers to ensure features, labels, and model inputs are practical to productionize • Contribute to feedback loops and evaluation frameworks that improve precision, recall, confidence, and coverage over time • Build tooling to support the efforts listed above

• Design, build, and implement robust security architectures for all Engineering projects and systems, including future products that incorporate AI/ML technology. • Lead, maintain, and drive the multi-year security architecture roadmap, ensuring it remains dynamic and aligned with business objectives, product innovation, and the evolving threat landscape. • Develop secure frameworks for AI/ML deployments and manage the long-term transition to Post-Quantum Cryptography (PQC) standards. • Partner with product and engineering leaders to define the overarching product security strategy, ensuring security is a core enabler of product innovation and high-scale payment orchestration. • Serve as the lead security advisor for international market expansion, ensuring architecture aligns with regional data residency requirements, localized payment regulations, and international standards. • Recommend updates to corporate security policies to ensure controls grow with the business, specifically targeting compliance with PCI DSS, ISO-27001, ISO-27701, ISO-42001, and emergent payment security regulations across global markets. • Provide technical guidance for Engineering teams and lead security-related cross-functional and business-driven projects. • Stay updated on the latest security trends, threat intelligence, and attack vectors to continuously improve the security posture.

• Deliver complex technical implementations for customer projects, acting as a delivery subject matter expert • Lead the implementation of agreed technical designs produced by Solution Architects and Technical Consultants • Diagnose and resolve technical issues, ensuring high levels of customer satisfaction and solution quality • Work closely with Project Managers to meet agreed milestones, timelines, and delivery standards • Deliver technical knowledge‑transfer workshops and handover sessions to customers • Produce high‑quality post‑delivery and technical documentation • Build and maintain strong working knowledge of all products and solutions across the practice

Role Description Fireflies.ai is looking for a hands-on Security Engineer to protect our infrastructure, product, and user data as we scale globally. This role is ideal for someone who can ship code, automate security workflows, triage vulnerabilities, and work closely with engineering teams to build secure systems. - Build and improve security controls across our product, backend, and infrastructure. - Review code, architecture, and infrastructure for security risks. - Run vulnerability assessments, penetration testing, and security audits. - Debug and patch security issues in backend systems. - Manage bug bounty triage and remediation workflows, including HackerOne. - Automate security checks, alerts, and vulnerability workflows. - Partner with engineering teams to promote secure coding practices. - Support incident response and security investigations. - Configure and maintain security tools such as firewalls, IDS/IPS, scanners, and monitoring systems. Qualifications - 3+ years of experience in security engineering, backend security, or infrastructure security. - Strong backend development experience with Node.js/TypeScript. - Ability to ship code end-to-end. - Good understanding of authentication, authorization, cryptography, and common vulnerabilities. - Experience with security testing tools such as Burp Suite, Metasploit, Wireshark, or similar. - Experience with cloud security, preferably GCP or AWS. - Familiarity with Kubernetes, Docker, and modern infrastructure security. - Strong problem-solving and communication skills. Requirements - Experience with SaaS or high-growth startup environments. - Bug bounty program experience. - Experience with SOC 2, HIPAA, GDPR, Vanta, or GitHub Advanced Security. - Contributions to the security community, such as CVEs, talks, or open-source work. - Experience with DevSecOps or security automation. Benefits - Competitive compensation. - Work remotely anywhere in your respective country. - Ability to move laterally within a team and grow rapidly. - Paid time off and flexible leave policy. - No boss culture. - Flexible working hours. - LGBTQ+ friendly. - Company offsites. - Tech reimbursements.