Vanta Inc.

Vanta Inc. is a software development company that is on a mission “to secure the internet and protect consumer data.” As an employer, the company strives to

Senior Security Engineer

Location

United States

Posted

1 day ago

Salary

$227K - $267K / year

Seniority

Senior

Bachelor Degree · English

Job Description

Senior Security Engineer

Vanta Inc.

  • Participate in team exercises to identify potential security risks, including threat modeling and tabletop scenarios
  • Contribute to complex prioritization discussions around which risks are the most important to solve next
  • Plan projects to address the risks we prioritize, and coordinate with cross-functional stakeholders across the company to execute those projects
  • Build maintainable programs to implement operational excellence where ongoing work is needed to achieve our goals (e.g. vulnerability management)
  • Partner with engineering teams to architect secure software, address security concerns, and build a strong security culture
  • Build, customize, and run tools to increase the maturity of our security program without adding undue friction to the company’s operations
  • Support ongoing bug bounty and penetration testing programs
  • Establish and maintain a network of security champions
  • Understand security knowledge gaps of the development organization and help to deliver training to address gaps
  • Provide input into architectural discussions to enable teams to innovate in a secure and repeatable manner

Job Requirements

  • A track record of independent ownership of areas of responsibility
  • Experience with threat modeling, red teaming, penetration testing, or other means of identifying security issues
  • Experience with software development and the ability to read code to identify security issues
  • Strong collaboration and communication skills, with deep developer empathy
  • Highly organized project management skills
  • Open to using AI to amplify their skills and strengthen their work, demonstrating curiosity, a willingness to learn, and sound judgment in applying AI responsibly to improve efficiency and impact

Benefits

  • Industry-competitive salary and equity
  • Comprehensive medical, dental, and vision coverage, with 100% of employee-only benefit premiums covered for most medical plans
  • 16 weeks paid Parental Leave for all new parents
  • Health & wellness stipend
  • Remote workspace, internet, and cellphone stipend
  • Commuter benefits for team members who report to the SF and NYC office
  • Family planning benefits
  • Matching 401(k) contribution with immediate vesting
  • Flexible PTO policy, plus 80 hours of Sick Time
  • 11 company-paid holidays
  • Virtual team building activities, lunch and learns, and other company-wide events!

More Security Engineer Jobs

Full Time · Remote · Team 501-1,000 · Since 2005 · H1B No Sponsor

  • Review and threat model AI-powered product features, LLM integrations, agentic workflows, MCP servers, tools, plugins, retrieval systems, model outputs, and internal AI tools before launch.
  • Build reusable AI security primitives such as guardrails, scanners, policy checks, tool-use controls, registries, sandboxes, libraries, and workflow-native enforcement points.
  • Design security tooling that can sit in the inference, retrieval, or execution path to detect and prevent prompt injection, jailbreaks, tool misuse, data leakage, unsafe code generation, and suspicious agent behavior.
  • Partner with teams building products and platforms with AI to define practical security controls that fit how they design, build, and ship.
  • Proactively find, fix, and prevent AI security issues, while making any required product or engineering changes clear and low-friction for partner teams.
  • Turn one-off AI security issues into systemic fixes, paved paths, measurable controls, and reusable guidance.

United States
$190.8K - $267.1K / year

Security Engineer

First Stop Health

We deliver care that people love. Members can talk with doctors or counselors 24/7 via app, website or phone.

Full Time · Remote · Team 51-200 · Since 2011 · H1B No Sponsor

  • Design, implement, and maintain security controls and practices across the organization
  • Partner closely with Engineering, DevOps, IT, Compliance, and the broader Information Security team to identify risks and strengthen security posture
  • Lead application security initiatives including architecture reviews, threat modeling, code reviews, and penetration testing coordination
  • Integrate security controls and testing into the SDLC and CI/CD pipelines
  • Partner with development teams to remediate vulnerabilities and improve secure coding practices
  • Champion secure design principles across web, mobile, API, and cloud-native applications
  • Support implementation and operation of security testing tools including SAST, DAST, SCA, and secrets detection
  • Perform and facilitate threat modeling exercises to identify potential attack vectors and prioritize risks
  • Conduct risk assessments and provide actionable guidance to reduce application-level security risk
  • Communicate risk findings clearly, balancing technical detail with business impact
  • Design, implement, and maintain security controls across cloud, infrastructure, applications, and enterprise systems
  • Evaluate and implement security technologies that improve organizational security posture
  • Support identity and access management initiatives, including authentication, authorization, and privileged access controls
  • Assess cloud environments for security risks and recommend remediation strategies
  • Assist with security investigations, incident response activities, and post-incident reviews

United States

Senior Manager, Security Compliance

GitLab

Build software faster. The One DevOps Platform enables your entire org to collaborate around your code. We're hiring.

Full Time · Remote · Team 1,001-5,000 · Since 2014 · H1B No Sponsor

  • Lead and mentor a team focused on security compliance, providing direction, support, and clear priorities while building a high-performing function.
  • Oversee and expand GitLab's certification portfolio across frameworks such as ISO 27001/17/18, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TiSAX, Cyber Essentials, and Federal Risk and Authorization Management Program (FedRAMP).
  • Partner with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to integrate governance, risk, and compliance requirements into business processes and technical systems.
  • Drive automation within the function by using scripting, coding, and AI-enabled approaches to improve governance, risk, and compliance workflows, including compliance-as-code and policy-as-code practices.
  • Monitor regulatory changes, emerging frameworks, and industry trends, and use those insights to help shape the team's roadmap and prepare the business for new requirements.
  • Manage relationships with third-party auditors, assessors, and consultants during activities such as external audits, certification reviews, and penetration tests.
  • Strengthen the team's security metrics and reporting practices, including preparing and facilitating regular business reviews and giving leadership clear visibility into progress and risk.
  • Serve as a subject matter expert and thought partner by delivering guidance, training, and security-focused content for internal teams, customers, and senior stakeholders, while helping strengthen GitLab's voice in the broader security market.

United States
$168K - $245K / year

Principal, Security Alignment

GuidePoint Security

We help organizations make smarter cybersecurity decisions that minimize risk.

Full Time · Remote · Team 201-500 · H1B Sponsor

Role Description

The Principal, Security Alignment reports directly to the Chief Information Security Officer (CISO) and serves as the primary security advisor and strategic partner between Corporate Information Security and regional business operations. The organization operates a federated business model where corporate functions establish enterprise capabilities, standards, and guardrails while regional teams maintain autonomy in executing their business objectives. This role exists to ensure regional execution aligns with enterprise security expectations while enabling business velocity and operational flexibility.

The Principal, Security Alignment will partner with regional leadership teams to understand:

  • Business processes
  • Professional services delivery models
  • Customer commitments
  • Internally developed solutions
  • Data handling practices
  • Operational workflows

Success requires the ability to operate as a trusted business advisor — influencing without direct authority, translating security requirements into practical business outcomes, and helping regions mature without creating unnecessary friction.

Qualifications

  • 10+ years of experience in information security, risk management, technology leadership, consulting, or business operations.
  • Experience operating in federated, decentralized, or matrixed organizations.
  • Strong understanding of enterprise security governance, risk management, and operational controls.
  • Experience partnering with executive business stakeholders.
  • Ability to influence teams without direct reporting authority.
  • Experience translating security concepts into business outcomes.
  • Strong executive communication and reporting skills.

Requirements

  • Establish trusted relationships with regional executives and operational leaders.
  • Serve as the primary security advisor connecting regional business operations with the Enterprise Information Security organization.
  • Understand regional priorities, customer requirements, delivery practices, and operational challenges.
  • Help regional teams interpret and operationalize enterprise security standards.
  • Ensure security considerations are incorporated into regional decision-making processes.
  • Assess regional business practices to identify potential security, privacy, compliance, and operational risks.
  • Evaluate areas including:
    - Professional services delivery practices
    - Customer data handling
    - Customer environment access
    - Internally developed tools and automation
    - AI adoption and usage
    - Third-party/vendor usage
    - Data movement and storage practices
    - Customer contractual security obligations
  • Identify inconsistencies between regional execution and enterprise expectations.
  • Develop a scalable governance model that balances corporate oversight with regional autonomy.
  • Define clear ownership expectations between corporate security and regional leadership.
  • Create visibility mechanisms that allow risks to be identified proactively.
  • Establish regional security operating rhythms, reporting, and accountability structures.
  • Ensure exceptions, deviations, and business-driven decisions are documented and understood.
  • Provide the CISO with ongoing visibility into regional security maturity, emerging risks, and operational trends.
  • Develop executive-level reporting around:
    - Regional alignment
    - Key risk indicators
    - Security maturity
    - Remediation progress
    - Areas requiring leadership escalation
  • Escalate material concerns where business practices create unacceptable enterprise risk.
  • Identify opportunities to simplify adoption of corporate security capabilities.
  • Reduce friction between security requirements and regional execution.
  • Create reusable playbooks, processes, and frameworks.
  • Promote consistency without eliminating appropriate regional flexibility.
  • Build a culture where security is viewed as a business enabler.

First Six-Month Objectives

  • Complete security/business assessments across all eight regions.
  • Establish relationships with regional leadership teams.
  • Create a regional security maturity baseline.
  • Identify high-priority risks and improvement opportunities.
  • Define the corporate/regional responsibility model.
  • Establish recurring governance and reporting cadence.
  • Implement regional security scorecards.
  • Deliver a prioritized roadmap for long-term maturity.

Benefits

  • Remote workforce primarily (U.S. based only; some travel may be required for certain positions, and working on-site may be required for Federal positions).
  • Group Medical Insurance options:
    - Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans).
    - High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee's premiums and 75% for family plans).
  • Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans.
  • 12 corporate holidays and a Flexible Time Off (FTO) program.
  • Healthy mobile phone and home internet allowance.
  • Eligibility for retirement plan after 2 months at open enrollment.
  • Pet Benefit Option.

United States