Role Description The Security Engineering team is responsible for protecting Sift’s products, infrastructure, and data while enabling our engineering organization to ship quickly and safely. As a Senior Security Engineer, you’ll be a key technical contributor and subject-matter expert, working on projects that materially reduce risk and strengthen Sift’s security posture. In this role, you will: - Design, implement, and operate security controls and tooling across Sift’s stack. - Work closely with Engineers, SREs, IT, and Legal/Compliance to secure our systems end-to-end—from application code and CI/CD pipelines to cloud infrastructure and identity. - Help define our standards, mentor other engineers on secure practices, and contribute directly to audits and compliance efforts. What you’ll do: - Design and implement security controls and tooling across Sift’s infrastructure and applications (e.g., IAM policies, network controls, secrets management, endpoint protections, container and workload security). - Embed with product and platform teams to perform security design reviews, threat modeling, and code or configuration reviews for new features and services. - Improve the secure SDLC by integrating AI-powered scanning tools, security scanning (SAST/DAST, dependency and container scanning) into CI/CD, and by developing guardrails, templates, and best practices for engineers. - Own or co-own vulnerability management workflows, from discovery and triage through remediation, including defining SLAs, coordinating with service owners, and tracking closure. - Develop automation (scripts, services, integrations) to detect misconfigurations, anomalous activity, or policy violations, and to reduce manual operational work for the security team. - Participate in security incident response (on-call rotation or escalation), including investigation, containment, root cause analysis, and long-term fixes. - Contribute to security documentation and standards, ensuring we have clear, actionable guidance for engineers on topics like authentication, authorization, data encryption, and key management. - Support audits and assessments (e.g., SOC 2, customer security questionnaires) by providing technical details and evidence of control design and effectiveness. - Mentor other engineers on secure design and implementation practices through pairing, reviews, training sessions, and written guidance. Qualifications - 5+ years of experience in security engineering, infrastructure engineering, or application security, ideally in a B2B SaaS or cloud-native environment. - Hands-on experience with at least one major public cloud platform (e.g., GCP, AWS), including IAM, networking, logging/monitoring, and security services. - Strong proficiency in at least one programming or scripting language (e.g., Python, Go, Java, or similar) and experience using code to automate security controls or detection. - Direct experience with AI/LLM-specific security risks (prompt injection, model supply chain, etc.). - Demonstrated knowledge of secure application and system design, including topics like authentication/authorization, encryption in transit and at rest, least-privilege access, and secrets management. - Experience with security tooling such as vulnerability scanners, SAST/DAST tools, SIEM/centralized logging, endpoint protection, or cloud security posture management. - Solid understanding of common vulnerabilities and attack patterns (e.g., OWASP Top 10, misconfigurations, supply-chain risks) and how to mitigate them in practice. - Ability to work cross-functionally with engineering, IT, and compliance/legal teams, and to translate security requirements into practical implementation details. - Clear written and verbal communication skills, including the ability to document designs and decisions and to educate others on security best practices. - A collaborative, pragmatic approach: you’re comfortable making risk-based decisions, proposing options, and supporting teams in implementing secure, scalable solutions. Benefits - Intentionally building a diverse, equitable, and inclusive workplace. - Empowerment and authenticity to build trust and create a safer Internet.