Buildkite

Buildkite is the fastest, most reliable way to deploy and test code at any scale.

Staff Security Engineer

Security Engineer, Full Time, Remote, Lead, Team 11-50, Since 2013, H1B No Sponsor

Location: Worldwide

Posted: 10 days ago

Salary: 0

Seniority: Lead

Job Description

Role Description

We’re looking for a Staff Security Engineer to help shape and scale security across Buildkite’s platform, infrastructure, and developer workflows. This is a hands-on technical leadership role. You’ll drive security architecture, influence engineering standards, and help embed secure-by-default thinking into how we build and ship software. You’ll operate across Application Security, Adversarial Security, and Cloud & Platform Security - setting technical direction while remaining close to implementation.

Staff Engineers at Buildkite are force multipliers. In this role, you’ll raise the security bar across the organisation, partner deeply with Engineering and Product leaders, and design security systems that scale with our growth.

What You’ll Do

Build and Improve Security Across the Platform

- Lead threat modeling and architectural security reviews for all parts of the organisation
- Conduct Adversary Simulations and Penetration Tests against key parts of the Application and business (attack simulation, exploit validation, abuse-case testing)
- Drive the technical strategy for Application Security, adversarial testing, and cloud security
- Design scalable security guardrails across CI/CD, infrastructure-as-code, and developer tooling
- Improve vulnerability discovery, triage, remediation workflows, and ownership models
- Strengthen supply chain and dependency security across build systems and artifacts
- Design security controls that are embedded into product and infrastructure

Lead and Unblock at the Org Level

- Act as a trusted security partner to engineering leaders and senior ICs
- Drive alignment on security trade-offs across product velocity, reliability, and risk
- Lead high-impact security initiatives end-to-end (discovery → prioritisation → implementation → rollout)
- Shape incident readiness, detection improvements, and post-incident hardening
- Mentor engineers to elevate secure design and implementation practices
- Contribute to cross-team technical direction beyond immediate security scope when needed

Raise the Bar Through Systems Thinking

- Identify structural risks and design long-term solutions rather than point fixes
- Introduce automation, tooling, and policy-as-code to reduce recurring classes of issues
- Improve how we measure security posture and communicate risk at leadership levels
- Ensure security scales with Buildkite’s infrastructure, customer growth, and product expansion

Qualifications

- 7+ years of experience in security engineering, with strong depth in application security and adversarial testing
- Extensive knowledge of common web and API vulnerabilities (OWASP Top 10 and beyond) and practical remediation patterns
- Experience designing and reviewing secure architectures for distributed systems
- Hands-on adversarial security experience (offensive testing, exploit validation, abuse-case modeling, red teaming)
- Strong understanding of cloud security fundamentals, ideally in an AWS environment
- Experience securing CI/CD pipelines and modern developer platforms
- Familiarity with Terraform or other infrastructure-as-code systems
- Experience working with Kubernetes security patterns and workload controls
- Strong understanding of identity, secrets management, and access control systems
- Comfortable reading and writing production code (Ruby, Go, or similar)

Benefits

- Competitive compensation, including salary, equity, and benefits package
- Flexible, remote-first culture
- Meaningful technical challenges at scale
- Opportunities for professional growth and company-wide technical influence
- A collaborative, inclusive, and innovative culture where your ideas make a real impact

Equal Opportunity Employer

At Buildkite, we value diversity and celebrate all types of skills, backgrounds, and experiences. We’re dedicated to fostering an inclusive environment and providing reasonable accommodations throughout our recruitment process. If you need any accommodations or support during the application or interview process, please reach out to us at accommodations@buildkite.com.

More Security Engineer Jobs

Own and develop the IT Governance and Information Security Framework, lead security operations, coordinate audits, and ensure alignment with governance functions while establishing best practices across technology and processes.

Germany

Title: Offensive Security Engineer
Location: US
Department: Product and Engineering
Remote

Job Description:

At Staris AI we believe human-based cyber defense is dead and the dream of security automation is finally within reach. Staris AI is a Series A venture-backed firm that is reinventing application security with its innovative AI-powered penetration testing that continuously validates and remediates real attack paths in running applications. The Staris Total Context Security platform proves exploitable vulnerabilities in hours, not weeks, with zero false positives and 40:1 efficiency gains over traditional methods. We're on a mission to transform the indefensible into the impenetrable, advancing applications into a new era of security.

As an Offensive Security Engineer at Staris AI, you'll be at the vanguard of the application security profession. This role goes beyond conventional application security and penetration testing; you'll be instrumental in advancing the field of automated software attack and simulation with your expertise in threat simulation and attack automation.

What You'll Do

- Own the execution and quality of autonomous security assessments, ensuring results are accurate, validated, and actionable for customers.
- Drive the continuous improvement of AI-driven attack simulations and automated exploitation workflows to expand coverage, reliability, and assessment depth.
- Apply offensive security expertise to identify realistic attack paths, validate findings, and reduce false positives across modern application and cloud environments.
- Partner with engineering and research teams to operationalize new attack techniques and strengthen the platform’s autonomous testing capabilities.
- Use insights from diverse target environments and customer feedback to improve assessment logic, remediation quality, and overall platform effectiveness.

What You Bring

- Minimum of 5 years of experience in application security assessment, source code auditing, bug hunting or similar areas
- Knowledge of offensive application security fundamentals
- Knowledge of relevant open-source technologies for attack automation (e.g. Tools, Libraries, Frameworks, etc.)
- Experience working with relevant software assessment technologies (e.g. SAST, DAST, Fuzzing, etc.).
- Prior emphasis on distributed systems and micro-service architectures
- Familiarity with prompt engineering, generative AI models, and their APIs
- Bachelor's degree in a related field (e.g. Computer Science, Information Technology, Cybersecurity, etc.)
- Strong English language communication skills

Why Staris

- Backed by a founding team with deep pedigree, including alumni of Amazon, Accenture, and Palo Alto Networks, who have solved this problem operationally before.
- A genuine category-defining product. Most AppSec tools create noise while Staris eliminates it with AI-driven proof of exploitability and automated, code-level remediation.
- Supporting a massive, underserved market. Enterprises invest heavily in AppSec but deeply test only a fraction of their software portfolio.
- Competitive base, meaningful equity, full benefits, and a remote-first culture.

About Staris AI

Staris AI is a Series A venture-backed firm that is reinventing application security with its innovative AI-powered penetration testing that continuously validates and remediates real attack paths in running applications. Our Total Context Security platform proves exploitable vulnerabilities in hours, not weeks, with zero false positives and 40:1 efficiency gains over traditional methods. We're on a mission to transform the indefensible into the impenetrable, advancing applications into a new era of security.

United States

Senior Network & Security Engineer

UMB AG

We get our customers more time with smart IT so they can achieve exceptional results.

Part Time, Remote, Team 501-1,000, Since 1978, H1B No Sponsor

• Support and maintenance of network infrastructures
• Deployment and operation of firewall systems
• Planning and design of WLAN and LAN networks
• Analysis and resolution of network incidents
• Autonomous incident and change management
• Technical leadership of projects

Switzerland
Full Time, Remote, Team 1,001-5,000, H1B Sponsor

• The Principal Cybersecurity Architect is responsible for driving enterprise-wide technology security strategy and providing technical expertise to business areas and project teams with an emphasis on implementation of innovative, leading-edge security technology solutions.
• Proven track record of accomplishments and experience leading the design and deployment of AI Architectures (both On-Premise and Public Cloud) and driving and deploying Secure Cloud Adoption on an enterprise scale from Foundational Security Controls to Cloud migrations.
• Extensive experience migrating from a large-scale on-prem datacenter to the cloud while maintaining the proper levels of security, compliance and regulatory adherence.
• Bridging gaps between data scientists, engineers, AI Architects, Cloud Architects, Data Protection professionals, legal, and executive teams.
• Promoting secure-by-design principles across AI and Cloud initiatives.
• Leading security teams and establishing governance frameworks for AI and Public Cloud adoption.

Florida
$138.2K - $224.6K / year