Job Closed
This listing is no longer active.
Odyssey sits at the intersection of GovTech, EdTech, and FinTech. We are a public-sector operator, a technology company, and a program delivery partner all at once. The work we do is civic infrastructure — it determines whether families can access life-changing educational opportunities.
Sr. Security Engineer
Location
United States
Posted
44 days ago
Salary
$180K - $220K / year
Seniority
Senior
Job Description
Sr. Security Engineer
Odyssey
Role Description As Odyssey's first Security Engineer, you'll have full ownership of our security posture — shaping strategy, building programs from the ground up, and driving best practices across our entire technology stack and product suite. This is a high-impact, high-visibility role where your decisions will directly influence how we protect our customers, vendors, and employees. You'll partner closely with cross-functional teams to embed security into everything we build and ship, champion solutions to emerging security challenges, and ensure we stay ahead of an evolving threat landscape. You're someone who embraces AI tools to work smarter — whether that's accelerating threat detection, streamlining vulnerability analysis, or improving how we respond to incidents. What You’ll Do - Collaborate closely with cross-functional teams to proactively identify, assess, and remediate security risks across Odyssey's products and infrastructure, proposing enhanced controls and process improvements where needed. - Perform static and dynamic vulnerability assessments and drive remediation efforts through to resolution. - Evaluate security risks in AI systems and data pipelines, and leverage AI-assisted tooling to enhance threat detection, vulnerability analysis, and security operations. - Maintain and mature Odyssey's SOC 2 Type II program, ensuring a secure environment for vendors, customers, end-users, and employees. - Design and implement security controls across Odyssey's full technology stack — from application layer to cloud infrastructure. - Translate complex security findings into clear, actionable remediation steps for both technical and non-technical stakeholders. - Continuously audit policies, controls, and procedures to keep security practices ahead of an evolving threat landscape. - Embed security seamlessly into the developer workflow — including CI/CD pipelines, code review processes, and internal tooling — without compromising velocity. Qualifications - 6+ years of Software Engineering experience with a focus on security, cloud security, DevOps, network security, or similar domains. - Solid understanding of industry standards and compliance frameworks (SOC 2, ISO 27001, etc.) with hands-on experience driving organizational adherence. - Experience applying AI-assisted tooling to accelerate threat detection, code review, and vulnerability analysis. - Experience deploying and operating SAST, DAST, and SCA tools across the software development lifecycle. - Strong track record managing security projects end-to-end — from planning through delivery — within timelines and budgets. - Experience with penetration testing tools, techniques, and methodologies, with a clear understanding of common vulnerabilities and remediation strategies. Additional Details - This role is available as fully remote (US-based) or hybrid out of our NYC office in Tribeca. The full team comes together twice a year for an offsite. - Applicants must be currently authorized to work in the United States on a full-time basis. - The salary range for this role is $180,000 - $220,000 + generous equity depending on experience and location. - Odyssey benefits include Medical/Dental/Vision plan(s), health services, short term disability, unlimited PTO and more. Our Commitment to Equal Opportunity Employment Odyssey is an equal opportunity employer. Reasonable accommodations are available upon request.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Senior AI Security Engineer
Highmark HealthCreating remarkable health experiences, freeing people to be their best.
• Secures AI/ML, Generative AI, and agentic systems across the enterprise • Designs, tests, and operates controls to protect systems at scale • Advises engineering and security leadership on emerging AI threats • Develops security controls for AI/ML, GenAI, and agentic systems • Engineers guardrails to mitigate data leakage and insecure workflows • Analyzes agent logic and identifies systemic security weaknesses • Builds monitoring, logging, and alerting for AI systems • Partners with AI platform and data engineering teams for security integration
Senior M&A Security Professional
HumanaHumana Inc. (NYSE: HUM) is a leading U.S. healthcare company. Through our Humana insurance services and our CenterWell healthcare services, we make it easier for the millions of people we serve to achieve their best health – delivering the care and service they need, when they need it. These efforts are leading to a better quality of life for people with Medicare and Medicaid, families, individuals, military service personnel, and communities at large. Learn more about what we offer at Humana.com and at CenterWell.com.
• acts in a security assessor role to review acquisition environments of diverse scopes and complexity ranging from moderate to substantial against well-known cyber security frameworks. • help Humana assess and integrate acquired companies into the organization. • work with Humana's technology organization and various internal groups to review and contribute to integration initiatives with available technology including hardware, software, applications, and peripherals with the purpose of ensuring that security meets Humana's expectations. • review acquisition environments and assists the teams with creating, tracking, and implementing remediation plans to address identified security gaps. • Lead a risk assessment and/or audit of IT controls and systems. • conduct audit review procedures and evaluate the company's technological infrastructure against HITRUST, NIST, PCI and other internal security control frameworks. • communicate well verbally and in writing to various types of audiences. • understand when an identified risk is worthy of escalation to leadership and can manage discussions that support the escalation.
• Design and build scaffolds to automate attacker/threat modeling, attack discovery and exploitation techniques at scale • Identify promising attack surfaces and scenarios across Wealthsimple’s stack. • Architect and tune agents, prompts, and toolchains that implement real attacker TTPs. • Define success metrics and evaluation criteria for automations/ai so we can select and fine tune tooling and model use • Design and iterate on multi-step agent strategies that combine observation, planning, action, and self-learning • Improve effectiveness and automation coverage and reduce unproductive actions and loops • Propose and validate new tools or environment features that enable richer or more realistic attacks. • Research and design new AI-driven attack strategies and scenarios in anticipation of what adversaries might misuse LLMs to do in future, then help design detections and defensive measures • Analyze AI behavior and results to discover systemic weaknesses and strengths and improve platform design / outputs and compensate for weaknesses. • Compare different models, prompts, and tool sets on the same scenarios. • Measure meaningful outcomes (bugs found, depth of compromise, time-to-finding, false-positive behaviour). • Benchmark AI-driven testing against our other tooling and manual test results to understand return on investment and where to invest effort and expertise to best advantage • Translate agent outputs into high-quality findings and systemic improvements. • Identify high-confidence vulnerabilities and attack paths. • Analyze findings to uncover recurring vulnerability types and control gaps, then help us fix them • Understand how agents discovered issues and what that implies for our defences. • Share learnings and help build guardrails, detections, systemic framework fixes, libraries, or new agents/experiments
Enterprise Account Director, Data Security
Capital OneCapital One is an award-winning provider of financial services and products for commercial customers, small businesses, and consumers nationwide. In support of
• Own enterprise deals end-to-end: Source, develop, and close ARR through new logo acquisition and strategic expansion • Navigate complex buying centers: Build and execute multi-stakeholder strategies across security, data platform, compliance, legal, and procurement organizations • Run disciplined proof of concept: Lead technical evaluations with clear success criteria, tight timelines, and executive alignment to accelerate deals • Master security reviews: Guide customers through vendor risk assessments, architecture reviews, penetration tests, and compliance validation (SOC2, ISO, PCI-DSS, HIPAA) • Build compelling business cases: Quantify value across risk reduction (PCI scope reduction, breach prevention) and enablement outcomes (faster analytics, safe AI access, compliant data sharing) • Negotiate complex contracts: Navigate DPAs, security exhibits, BAAs, indemnities, and enterprise licensing terms to mutually beneficial close • Drive expansion: Develop land-and-expand strategies that grow initial deployments across lines of business, environments, and use cases • Partner strategically: Leverage cloud ecosystem relationships (AWS, Snowflake, Databricks, etc.) and GSI partnerships to accelerate deals




