Gusto logo
Gusto

Gusto, formerly known as ZenPayroll, is a privately-held financial services company dedicated to revolutionizing how businesses handle employee benefits. Gusto

Staff Software Engineer, AI Security

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 4,405Since 2012Company Site

Location

United States

Posted

23 hours ago

Salary

$186K - $210K / year

Seniority

Senior

English

Job Description

Staff Software Engineer, AI Security

Gusto

About Gusto At Gusto, we're on a mission to grow the small business economy. We handle the hard stuff — payroll, health insurance, 401(k)s, and HR — so owners can focus on their craft and their customers. With teams in Denver, San Francisco, and New York, we support more than 500,000 small businesses nationwide and are building a workplace that reflects the people we serve. All full-time employees receive competitive base pay, benefits, and equity (RSUs) — because everyone who helps build Gusto should share in its success. Offer amounts are determined by role, level, and location. Learn more about our Total Rewards philosophy. AI is a fundamental part of how work gets done at Gusto. We expect all team members to actively engage with AI tools relevant to their role and grow their fluency as the technology evolves. AI experience requirements vary by role and will be assessed during the interview process. About the Role: We’re hiring a Staff Backend Software Engineer for our Product & AI Security Engineering team. You’ll own and evolve the security foundations behind Gusto’s products and AI/LLM experiences—from authentication and authorization at scale to securing core services and data.You'll define and own security architecture and standards across Gusto's products and AI/LLM experiences — setting the direction for authentication, authorization, and safe data handling, and building the platforms and guardrails that other teams rely on. About the Team: The Product & AI Security Engineering team sits at the intersection of product, platform, and AI at Gusto. We prioritize high‑leverage projects that reduce risk, harden our foundations, and unlock faster delivery for other teams. We build security tools and services, embed with partner teams when needed, and set best practices for authentication, authorization, and safe data handling—especially as we adopt AI and LLMs. Here’s what you’ll do day-to-day: - Design, build, and operate authentication and authorization systems that work at Gusto scale. - Strengthen core services and data protections, including access control, storage, and APIs. - Detect and mitigate account takeover and other abuse, improving safety for our customers. - Build security platforms and tooling that help product and AI teams move quickly and safely. - Own and improve high-availability security and identity services that other teams depend on. - Tackle ambiguous AI/LLM security problems from threat modeling to practical mitigations. - Provide leadership in promoting security and software engineering excellence. Here’s what we're looking for: - 10+ years of experience as a backend engineer, building and operating large-scale server-side services and APIs - Proven track record building secure, highly available distributed systems and services. - Hands-on experience with modern security tooling and practices (e.g., SAST, DAST, SIEM, SCA). - Proficiency in one or more of: Ruby, Python, Kotlin, JavaScript/TypeScript - Experience with AI tools for coding (ex: Cloud Code, Cursor, Github Copilot) - Strong collaboration skills and comfort breaking down complex, cross‑cutting security and AI problems into clear, practical solutions. Required: - Strong backend software engineering skills — you write clean, scalable, well-tested code - Experience building and operating high-availability services at scale - Ability to partner cross-functionally and communicate technical tradeoffs clearly - Genuine interest and desire to grow within the security domain — you don't need to have worked in security before, but you're excited to get started. Nice to have: - Experience with authorization platforms/policy engines (e.g., Open Policy Agent, SpiceDB) and technologies like GraphQL, gRPC, Kubernetes, Terraform, Traefik, Flask, Okta. - Experience with authentication and authorization, such as SAML/SSO, RBAC, and ABAC. - Familiarity with security concepts like access control, abuse detection, or data protection - Prior work on security tooling or platforms Our cash compensation amount for this role is targeted at $181,000-215,000 in Denver & most remote locations, and $218,94-260,000 in the San Francisco Bay Area, Seattle, and NYC. Stock equity is additional. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed above. Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days approximately 2-3 days per week (or more depending on role). The same office expectations apply to all Symmetry roles, Gusto's subsidiary, whose physical office is in Scottsdale. Note: The San Francisco office expectations encompass both the San Francisco and San Jose metro areas. When approved to work from a location other than a Gusto office, a secure, reliable, and consistent internet connection is required. This includes non-office days for hybrid employees. Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto. Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. We want to see our candidates perform to the best of their ability. If you require a medical or religious accommodation at any time throughout your candidate journey, please fill out this form and a member of our team will get in touch with you. Gusto takes security and protection of your personal information very seriously. Please review our Fraudulent Activity Disclaimer. Personal information collected and processed as part of your Gusto application will be subject to Gusto's Applicant Privacy Notice.

Related Categories

Related Job Pages

More Security Engineer Jobs

Fresenius Medical Care logo

Corporate Security Intelligence Lead

Fresenius Medical Care

Creating a future worth living. For patients. Worldwide. Every day.

Full TimeRemoteTeam 10,001+Since 1996H1B Sponsor

• Develop and execute a global strategy to identify, assess, and mitigate threats • Lead the corporate security intelligence function and insider threat risk program • Design, implement, and govern a corporate security intelligence strategy • Manage a globally dispersed team delivering threat analysis, investigations, and executive briefings • Establish and mature intelligence collection methodologies and analytical frameworks • Develop an Insider Threat Risk Management Program • Ensure compliance with global privacy, labor, and data protection laws • Plan and direct enterprise investigative strategies and programs • Design and implement insider threat detection tools and analytics • Deliver threat awareness briefings and compliance training.

Massachusetts + 2 moreAll locations: Massachusetts | Pennsylvania | Washington
Fresenius Medical Care logo

Physical Security Lead

Fresenius Medical Care

Creating a future worth living. For patients. Worldwide. Every day.

Full TimeRemoteTeam 10,001+Since 1996H1B Sponsor

• Serve as the global leader for physical security strategy, standards, and operational execution • Act as Deputy Head of Corporate Security Center of Excellence (CoE), assuming leadership responsibilities in their absence and supporting enterprise-wide security governance • Develop and maintain security policies, standards, and procedures aligned with healthcare regulations, corporate risk tolerance, and global best practices • Advise executive leadership on emerging physical security risks affecting healthcare operations, workforce safety, and patient care • Oversee security programs for dialysis clinics, healthcare offices, and patient-facing facilities, ensuring balance between safety, accessibility, and patient dignity • Lead enterprise-wide Workplace Violence Prevention (WPVP) programs • Establish and manage Behavioral Threat Assessment and Management (BTAM) frameworks in coordination with HR, Legal, and leadership • Ensure proactive identification, assessment, and mitigation of threats involving employees, patients, visitors, and third parties • Lead or oversee complex investigations involving threats, violence, theft, misconduct, or security breaches • Ensure training aligns with healthcare requirements and local regulations

Massachusetts + 1 moreAll locations: Massachusetts | Washington

SAP GRC Specialist

Bright Vision Technologies

Bright Vision Technologies is a forward-thinking software development company dedicated to building innovative solutions that help businesses automate and optimize their operations. We leverage cutting-edge technologies to create scalable, secure, and user-friendly applications. We recognize that our people are our strength. We are an equal opportunity employer and place a high value on diversity and inclusion. We do not discriminate on the basis of any protected attribute. We make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Bright Vision Technologies is an Equal Opportunity Employer, including Disability/Veterans.

Role Description We are seeking an experienced SAP GRC Specialist to design, implement, and operate security and access-control frameworks for complex SAP landscapes, including S/4HANA, ECC, BW/4HANA, Fiori, BTP, and SuccessFactors. In this role you will be responsible for: - SAP role design - User provisioning - Segregation-of-duties analysis - Audit support - The technical operation of SAP GRC suites The ideal candidate will combine deep expertise in SAP authorization concepts with strong hands-on experience operating SAP GRC Access Control and Process Control, and will partner closely with audit, compliance, and business teams to deliver a secure, auditable SAP environment. Qualifications - Bachelor’s degree in Computer Science, Engineering, or a related technical discipline. - Five or more years of SAP Security / GRC experience in enterprise landscapes. - Strong hands-on experience with SAP authorization concepts and role design. - Deep experience operating SAP GRC Access Control (ARA, ARM, BRM, EAM). - Experience supporting SAP audits and remediation activities. - Hands-on experience securing Fiori, BTP, and cloud SAP applications. - Familiarity with SAP IDM or third-party IGA tooling. - Working knowledge of SAP Process Control. - Strong understanding of regulatory frameworks such as SOX, GxP, and PCI. - Excellent communication and documentation skills. Requirements - Design and maintain SAP authorization concepts and role structures aligned with business processes and least-privilege principles. - Build and maintain master, derived, composite, and business roles for S/4HANA, ECC, and Fiori applications. - Configure and operate SAP GRC Access Control (ARA, ARM, BRM, EAM), including ruleset management, mitigating controls, and emergency access management. - Perform segregation-of-duties analysis and remediation in collaboration with business process owners and internal audit. - Configure user provisioning workflows in SAP GRC ARM, including request types, approval paths, and integration with IDM/IAM platforms. - Operate SAP GRC Process Control for continuous controls monitoring and policy management. - Implement security for Fiori applications, including catalogs, groups, and front-end authorizations. - Configure and operate security for SAP BTP and cloud applications using XSUAA, IAS, and IPS. - Support SAP audits (SOX, GxP, PCI) and respond to audit findings with documented remediation plans. - Implement transport security, table logging, and audit logging in line with internal security policies. - Monitor and remediate SAP Security Notes in coordination with Basis and DBA teams. - Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures. - Mentor junior team members and support knowledge transfer across the security team. Benefits - 100% Remote (Continental United States) - Salary: $150K - $185K - This is a full-time, direct W2 position with Bright Vision Technologies. - No third-party client, vendor, or implementation partner involved. - Support for H1B transfers for qualified candidates. How to Apply For immediate consideration, please send your resume to [email protected] or contact us at (908) 505-3544.

United States
$150K - $185K / year
Cashea logo

Incident Response Engineer

Cashea

Compra ahora y paga después, en cuotas sin interés. El impulso que mereces.

Full TimeRemoteTeam 501-1,000Since 2022H1B No Sponsor

• Investigar y responder incidentes de seguridad • Operar el SIEM para realizar consultas y análisis que soporten investigaciones • Administrar, configurar y diseñar automatizaciones en el SOAR • Desarrollar herramientas y scripts propios para automatizar respuestas • Ejecutar tareas de Threat Intelligence que involucran investigación de actores de amenaza • Llevar a cabo investigaciones forenses en endpoints y servidores

Argentina