Senior Staff Security Engineer

About League Established in 2014, League Inc. stands at the forefront of healthcare consumer experience (CX) platforms, leveraging cutting-edge artificial intelligence (AI) to connect with over 63 million individuals globally. Our platform enables payers, providers, and health partners to deliver engaging healthcare solutions that enhance health outcomes. With over $285 million in venture funding, League powers the digital experiences of some of healthcare's most reputable brands, including Highmark Health, Manulife, Medibank, and Shoppers Drug Mart.Position SummaryAs a Senior Staff Security Engineer, you will play a pivotal role in shaping the long-term security architecture and strategy for our platform and engineering organization. Our security engineering teams are vital in integrating security measures throughout the development lifecycle and managing vulnerabilities. We believe in a 'security by design' approach, creating or acquiring tools that seamlessly integrate into our platform, empowering engineers to consistently produce high-quality, secure code.Your responsibilities will extend beyond incremental improvements as you tackle significant and complex security challenges. You will design foundational security components, frameworks, and reference architectures, establishing a 'paved road' that minimizes the risk of insecure code deployment. This role is crucial in embedding security and compliance controls into the foundational fabric of League's technology.About the RoleArchitectural Leadership: Define and advocate for the long-term technical security roadmap, architectural patterns, and standards across League's applications, infrastructure, and multi-cloud environments.Cross-Functional Strategy: Serve as the primary security technical advisor to platform, product, and executive leadership, aligning on multi-quarter security initiatives.Security Design Governance: Lead high-stakes, complex security design initiatives to ensure best practices are followed.

About FullscriptFullscript is a pioneering health technology company dedicated to enhancing patient care through innovative solutions. Founded in 2011, we aimed to simplify access for practitioners to trusted products, thereby improving the quality of care.Our platform now supports over 125,000 practitioners, providing them with clinical insights, lab interpretations, patient analytics, educational resources, and access to premium supplements. With more than 10 million patients relying on Fullscript, we help ensure that care plans remain accessible and actionable.We create tools that enhance the quality and humanity of care, optimizing time and decision-making for practitioners. By centralizing essential resources, we empower healthcare providers to focus on their core mission: helping people get better.Your Invitation to Join UsWe invite you to bring your innovative ideas, determination, and compassion for people to our team.Join us in transforming the future of healthcare.Fullscript is on the lookout for a highly skilled Senior Staff Security Engineer to take a pivotal role in our security team. In this senior technical position, you will define the technical strategy for product and AI security across our organization, while mentoring team members and making a significant impact through your extensive technical knowledge and collaborative efforts.

Discover OktaAt Okta, we are revolutionizing identity management. Our mission is to enable individuals to securely utilize any technology, anytime, on any device or application. Through our versatile Okta Platform and Auth0 Platform, we deliver secure access, authentication, and automation, placing identity at the forefront of business security and growth.We value diverse perspectives and experiences at Okta. We're not just seeking candidates who meet every requirement; instead, we are looking for lifelong learners who can enrich our team with their unique insights.Join us in creating a world where identity is in your hands.The TeamOur Workforce Identity Cloud Security Engineering group is at the cutting edge of innovation, turning visionary ideas into top-notch security software solutions that support large-scale, mission-critical applications. Our security engineering team possesses a unique skill set that merges security expertise with the ability to design, implement, and deploy security features seamlessly, enhancing product functionality without hindrance. We are committed to elevating customer safety and privacy through robust security services integrated with the Okta core product.The RoleWe are in search of a seasoned and enthusiastic Staff Software Security Engineer to join our Workforce Identity Cloud Security Engineering group. This role focuses on architecting and developing security solutions that strengthen our frameworks and infrastructure. You will be encouraged to implement defense-in-depth strategies, adhere to industry security standards, and uphold the principle of least privilege, thereby enhancing our security posture.This high-impact position is set within a security-focused, dynamic organization that is on the brink of significant growth and achievement. You will serve as a key liaison between the Security and Engineering teams, forging technical synergies and shaping the security roadmap. Your efforts will concentrate on enhancing security and privacy aspects across our services, executing on a weekly release schedule. You will have the autonomy to propose exciting new projects for our roadmap and engage in initiatives utilizing cutting-edge technologies. Join us and contribute to transforming the cloud computing landscape.What You Will DoCollaborate with engineering and security teams to define innovative security roadmap requirements.Advocate security best practices and promote secure coding methodologies.

At BeyondTrust, we empower our employees to make a meaningful impact through their work, enhancing the security landscape with our innovative cybersecurity SaaS solutions. Our culture fosters flexibility, trust, and continuous learning, ensuring that your achievements are recognized and your contributions play a vital role in our collective success. You'll be part of a team that challenges, supports, and motivates you to reach your full potential. Your Role As a Staff Security Researcher, you will be at the forefront of advancing our identity security platform. By merging state-of-the-art security research with strong engineering methodologies, you will transform groundbreaking research into operational systems that safeguard our clients against intricate identity-based threats. This position offers a unique chance to influence the future of identity security through innovative research, scalable engineering solutions, and thought leadership within the cybersecurity community. For insights into our recent projects, visit our page on X: https://x.com/btphantomlabs. This will help you assess our mutual fit.

About FaireFaire is a dynamic online wholesale marketplace driven by the belief that the future lies in local commerce. Independent retailers worldwide are achieving greater revenue than giants like Walmart and Amazon combined, yet remain relatively small in stature. At Faire, we harness the power of technology, data, and machine learning to connect this vibrant community of entrepreneurs around the globe. Imagine your favorite local boutique—we empower them to discover the finest products globally to stock their shelves. With the right tools and insights, we aim to level the playing field, enabling small businesses everywhere to compete against large box stores and e-commerce behemoths.By championing the growth of independent enterprises, Faire fosters positive economic impacts within local communities on a global scale. We are on the lookout for intelligent, resourceful, and passionate individuals to join us as we drive the shop-local movement. If you believe in the power of community, we invite you to be a part of ours.Role Description:Our Engineering organization is the backbone of our marketplace, responsible for the software that enables it to function seamlessly. The Product Security team empowers product engineering teams to create and deploy secure software solutions. We prioritize best engineering practices, striving to deliver software that is secure, thoroughly tested, easy to maintain, and capable of scaling to millions of users. We develop scalable, reusable frameworks, consult with product teams, leverage data-driven insights, and continually iterate on our practices.As a Senior Staff Software Engineer in Product Security, you will take on the role of technical lead for the Product Security domain. You will establish the long-term technical vision for integrating security within Faire’s application framework. Collaborating closely with Platform and Product Engineering teams, you will identify and mitigate security vulnerabilities, spearhead significant security initiatives, and mentor engineers across the organization to enhance secure engineering practices.Additionally, you will lead cross-functional programs to embed security deeply within our architecture, pipelines, and developer experience, effectively minimizing risk while maintaining development velocity.In this role, you will:Define the long-term technical strategy for application security at Faire, establishing scalable and developer-friendly frameworks and principles that facilitate secure development across all product areas.

About Pantheon Pantheon WebOps Platform empowers the open web, hosting over 300,000 sites in the cloud for esteemed clients like Google, Princeton, Salesloft, and Doctors Without Borders. Every day, countless developers and marketers design, iterate, and scale WordPress and Drupal websites, reaching billions of users worldwide. Pantheon’s multitenant, container-based platform allows organizations to manage all their websites seamlessly from a single dashboard. Renowned companies, including Clorox and the United Nations, achieve remarkable results through accelerated development and real-time publishing utilizing Pantheon’s collaborative workflows. The Role As part of Pantheon’s Security Engineering team, you will play a crucial role in protecting, auditing, and testing the security of our comprehensive platform. We are dedicated to implementing a robust and multi-faceted approach to application security, emphasizing Security by Design within agile software development and cloud-native environments. We are on the lookout for a motivated and experienced application security engineer to join our expanding team. The Staff Security Engineer will hold a pivotal strategic and technical position within the Application Security team. Our mission is to ensure the security, audit, and testing of the entire cloud hosting platform across several core areas: Security by Design: Integrate “Security by Design” principles into agile software development and cloud-native frameworks. Support and Mentorship: Serve as Subject Matter Experts (SMEs), providing mentorship and guidance to enhance all security engineering initiatives organization-wide. Standard Setting: Establish, organize, and implement application security policies, processes, standards, and guidelines. Application Security Performance: Assist engineering teams in designing and constructing high-performing, secure applications by addressing security issues through risk-based methodologies. What You Will Do Policy Definition: Develop, document, and advocate for processes and practices that ensure a secure Software Development Life Cycle (SDLC). Security Culture: Be a key player in fostering a robust security culture within platform engineering teams. Proactive Security: Lead Threat Modeling initiatives as a fundamental aspect of the Secure by Design strategy. Secure Design Reviews: Conduct thorough Secure Code and Architecture Design assessments.

Join Homebase as a Staff Security Engineer specializing in Application Security in a hybrid work environment. In this pivotal role, you will be responsible for enhancing our security posture while ensuring that our applications remain safe and secure. You will collaborate with cross-functional teams to identify vulnerabilities, implement security controls, and promote best practices in application development.We seek a proactive individual who is passionate about cybersecurity and eager to contribute to building robust security solutions. You will play a key role in shaping the security framework of our applications.

Join Mozilla: Shape the Future of the InternetAt Mozilla Corporation, a non-profit-backed technology leader for over 25 years, we are dedicated to improving the internet experience for users worldwide. Home to innovative products like Firefox, our mission revolves around creating a web that prioritizes user privacy and security. With over 225 million monthly users, we are at the forefront of technology advancement in areas such as artificial intelligence, social media, and security, committed to building an internet that serves people, not corporations.As a wholly owned subsidiary of the Mozilla Foundation, we focus on our mission without the influence of shareholders. Together with a global community of contributors and collaborators, we design, build, and distribute open-source software, empowering individuals to navigate the internet on their terms.About the Role:We are seeking a dedicated Incident Responder to join our dynamic team, responsible for monitoring and mitigating security threats across Mozilla’s products and services. This role requires extensive practical security experience and an in-depth understanding of modern attack detection and response techniques. You will be a trusted resource for Mozillians company-wide, providing swift and effective incident response while collaborating with diverse stakeholders. As a vital member of our team, you will help safeguard the integrity of Mozilla’s offerings and ensure the safety of our users in our pursuit of a more secure internet.Key Responsibilities:Monitor and respond to security incidents globally.Serve as incident commander, guiding incidents through the entire response lifecycle.Develop and maintain a suite of security alerts, automated responses, playbooks, and escalation workflows, supporting our 24/7 incident response capabilities.

Join Thumbtack in Transforming Home Care!At Thumbtack, we empower millions of individuals to manage and enhance their homes with confidence. Our app is a comprehensive solution for home maintenance, offering everything from personalized recommendations to cutting-edge AI tools, all designed to create a seamless hiring experience. Every day, homeowners across the U.S. rely on Thumbtack to undertake urgent repairs, seasonal upkeep, and significant renovations. If you are inspired by the prospect of making a meaningful impact, we invite you to be part of our journey. Together, we can shape the future of home care.About the Cybersecurity TeamThe Security Engineering team at Thumbtack is dedicated to driving innovation at scale by integrating security into our core processes. We believe that robust security can enhance operational speed rather than hinder it. By embedding security within our systems, platforms, and developer workflows from the outset, we create a secure environment that fosters rapid innovation.We collaborate closely with Product, Engineering, Platform, and Data teams to design systems, inform architectural choices, and continuously improve Thumbtack’s security posture as we grow. Through effective collaboration, automation, and strategic decision-making, we ensure that Thumbtack can deliver quickly, innovate boldly, and maintain the trust of our customers.The Challenge AheadAs Thumbtack expands its offerings and integrates AI-driven features, our security practices must evolve to keep pace with innovation. The increasing complexity of our services, deployment strategies, and data flows requires a shift from traditional manual reviews to proactive security measures embedded within our systems. Our objective is to create secure defaults and reusable components that engineering teams can implement with ease, allowing them to operate swiftly while significantly mitigating risk.Your Role and ResponsibilitiesLead the long-term technical vision for application security across Thumbtack, while developing prioritized roadmaps to address systemic security vulnerabilities throughout our application stack.Manage large-scale, cross-functional security projects from conception through to execution.Create secure-by-default architectures, standards, and guided paths that facilitate engineering efforts. Develop and implement shared security tools, libraries, and services that empower our engineering teams to deliver efficiently and securely.

Discover OktaAt Okta, we are recognized as the world leader in identity management. Our mission is to empower individuals to securely access any application or service across any platform and device. With our innovative solutions, including the Okta Platform and Auth0 Platform, we put identity at the forefront of business security and operational growth.We value diverse perspectives and experiences, fostering an inclusive environment. We are not just looking for candidates who meet every qualification; we seek lifelong learners who can enrich our team with their unique insights.Become a part of our mission! We’re creating a future where identity is truly in your hands.As a Staff Engineer in Okta’s Defensive Cyber Engineering team, you will play a crucial role in securing Okta’s infrastructure. Collaborating closely with Security, Business Technology Engineering, and Product teams, you will design, implement, and manage security solutions that safeguard our workforce, endpoints, and corporate assets.To thrive in this role, you must possess a strong commitment to integrating tools and people to tackle complex security challenges. This requires an engineering-driven mindset, emphasizing the optimization of existing security tools while strategically developing or acquiring new solutions to address any outstanding security vulnerabilities.Your enterprise security expertise, combined with practical engineering skills, will enable you to leverage automation, policy-as-code, and cloud-native technologies to create robust, scalable, and secure solutions. Your contributions will set the standard for security best practices across the organization and will significantly influence the architecture of critical business systems.

Empower Every Identity, from AI to HumanityAt Okta, we believe identity is the gateway to unlocking the full potential of AI. Our mission is to secure AI by establishing a trusted and neutral infrastructure that enables organizations to safely navigate this transformative era. We seek passionate builders and proactive problem solvers who thrive in a fast-paced environment and are committed to excellence.This is your chance to engage in career-defining work. If you share our mission, we want to hear from you!The Okta Security team is dedicated to reinforcing Okta’s role as the premier Identity-as-a-Service provider by identifying and mitigating risks to our employees, products, and most importantly, our customers.As part of the Security Trust & Culture team, we focus on bolstering customer confidence in Okta’s identity services. We collaborate closely with Okta’s go-to-market teams, serving as a key resource. The Customer Assurance team acts as the central repository for security information, offering extensive guidance and resources to enable our customers to effectively manage their risks.As a Staff Security Analyst in Customer Assurance, you will prioritize and respond efficiently to inquiries regarding our security program and related due diligence requests. You will serve as an essential link between our customers and internal engineering teams, ensuring clear communication regarding Okta’s security posture. Your responsibilities will include training local sales teams, managing complex escalations, and driving technological innovations to globally enhance Customer Assurance efforts.This role demands a unique skill set: the ability to analyze technical issues, communicate security-related topics effectively to both internal and external stakeholders, collaborate with internal business units for timely project execution, and present information to upper management as necessary. The ideal candidate will possess experience in SaaS cloud security risk assessment and a robust understanding of identity management core principles. If you aspire to make a significant impact on the security program of a leading global cloud provider, we invite you to join us.

As a Staff Product Security Engineer at Affirm, you will play a critical role in safeguarding our products and systems by identifying vulnerabilities and implementing effective security measures. Your expertise will help shape our security strategies, ensuring that we maintain the highest standards of security throughout the product lifecycle.You will collaborate closely with cross-functional teams, providing guidance on security best practices and conducting threat assessments. Your work will directly impact the security posture of our products and the trust of our customers.

Who are we?At Cohere, our mission is to harness the power of intelligence for the benefit of humanity. We specialize in training and deploying cutting-edge models for developers and enterprises, enabling them to create innovative AI systems that deliver extraordinary experiences in content generation, semantic search, retrieval-augmented generation (RAG), and intelligent agents. Our endeavors are pivotal in accelerating the global adoption of AI technologies.We are dedicated to excellence in our craft. Each team member plays an essential role in enhancing the capabilities of our models and the value they provide to our clients. Our culture is built on hard work, rapid iteration, and a relentless focus on what is best for our customers.Cohere is comprised of a diverse team of researchers, engineers, designers, and more—each a leader in their field. We believe that diverse perspectives are crucial for creating exceptional products.Join us in our quest to shape the future of AI!About the RoleAre you passionate about secure software engineering? Do you aspire to be at the forefront of AI innovation and security? Our North team at Cohere is on the lookout for a Senior Software Engineer focusing on security to join us in our mission and make a substantial impact. This is not merely an advisory position; you will take ownership of and deliver production-level security features that our clients rely upon daily.Your Role:As a Senior Software Engineer with a specialization in security, your contributions will be vital in architecting and securing North's infrastructure. Your responsibilities will encompass:Software Development: Actively participate in the core development of security features like OIDC/OAuth flows and session management, ensuring the security of North's AI agents.Secure Coding: Write robust code to manage OIDC tokens, user claims, and sensitive information, following best practices for JWT validation and encryption.Authentication and Data Protection: Implement authentication protocols, including user login, token management, and authorization checks to safeguard data integrity.Tool Integration: Integrate new security tools to enhance North's capabilities.DevSecOps: Design and execute secret management in Kubernetes clusters, focusing on encryption and role-based access control (RBAC).Cross-functional Collaboration: Utilize strong communication skills to convey security best practices to stakeholders clearly and effectively.You may be a great fit if:You have 5+ years of experience in building secure software applications.You possess a deep understanding of security protocols and practices.You are proficient in coding languages and frameworks relevant to security development.You have a track record of successful collaboration in cross-functional teams.

Join Movable Ink as a Product Security Engineer and play a pivotal role in safeguarding our codebases, CI/CD pipelines, and overall development practices. In this hands-on position, you'll adopt a security-first mindset while collaborating with engineering teams to streamline software delivery while minimizing risk. Your expertise will be crucial in enhancing automation processes that protect our code and infrastructure, especially in the face of rising threats from AI coding tools and supply chain attacks. This role is vital for proactively identifying and mitigating vulnerabilities before they are deployed to production.

Samsara builds Connected Operations Cloud technology that supports organizations in agriculture, construction, field services, transportation, and manufacturing. The platform uses IoT data to help these industries improve safety, efficiency, and sustainability. As a public company, Samsara empowers team members to influence the future of physical operations, offering both independence and support. Role overview The Senior Security Engineer - Enterprise Security focuses on building, operating, and maintaining security infrastructure for Samsara’s corporate environment. This position collaborates with a global engineering team to develop a security engineering program that follows current best practices. What you will do Work with stakeholders to design security solutions that balance protection with usability Develop automated alerting and response tools for security events Contribute insights on potential threats in production environments Mentor and support junior engineers within the security team Requirements Experience with a range of security technologies and practices Ability to collaborate with global engineering teams Strong communication skills for partnering with stakeholders Located in Canada within the Pacific Standard Time zone This is a fully remote position based in Canada, limited to candidates within the Pacific Standard Time zone.

Location: Remote, Canada or US GitLab Inc. is hiring a Software Security Engineer to work remotely from Canada or the US. This role focuses on strengthening security across the GitLab product and developing tools that detect and prevent abuse on SaaS platforms. The position is part of the Trust and Safety team, which manages core abuse prevention systems and delivers features that help keep customers safe, such as Compromised Password Detection for GitLab.com. What you will do Implement security improvements directly within the GitLab product Develop and maintain tools to identify and prevent abuse on SaaS platforms Analyze abuse patterns and trends, designing systems to stop malicious user activity Support customer safety by building and maintaining prevention mechanisms Who this role suits This position is well suited to software engineers who want to move into security engineering. Experience working with large Ruby on Rails codebases is important. Formal security engineering experience is not required. Learn more Additional details about the Trust and Safety team and this role’s responsibilities can be found in the GitLab handbook and blog. For more on Compromised Password Detection, see this post.

About RootlyAt Rootly, we are dedicated to transforming how organizations respond to incidents, striving to enhance reliability across all sectors. Our cutting-edge incident management platform empowers companies globally to address incidents swiftly and effectively. We're not just redefining an industry; we're pioneering a new multi-billion dollar segment and require exceptional talent to help us realize this ambitious vision.Our clients include some of the fastest-growing names in the world, such as NVIDIA, Figma, Canva, Tripadvisor, and Squarespace, who trust Rootly to streamline their critical incident management processes. They appreciate our robust, enterprise-ready platform and collaborative partnership model, consistently rating us 5 stars on G2.Our investors share our enthusiasm. Backed by prominent funds including Y Combinator, along with industry leaders from Dropbox and GitHub, we prioritize transparency in our culture. Monthly financial reviews keep our team informed about the business's health, and our weekly changelog keeps everyone updated on our developments.About the RoleAs a Senior Security Engineer, you will be instrumental in advancing our security initiatives, working closely with diverse teams to ensure the reliability and scalability of our products. You will design systems, tools, and solutions that secure our mission-critical applications while contributing to organization-wide efforts to automate, optimize, and enhance our security protocols.Develop security solutions that not only meet rigorous standards but also exceed the expectations of our developers and customers.Play a key role in vital security initiatives, including identity and access management, vulnerability management, incident response, security control implementation, and infrastructure security.Collaborate closely with engineering teams to deliver secure, reliable, and scalable solutions for our valued customers.With our expanding customer base, tackle intriguing technical challenges to scale our product effectively.Participate in the on-call rotation, swiftly addressing and resolving security incidents as they occur.

Role overview Cozey is hiring a Staff Analytics Engineer to help shape the future of analytics engineering within the company. This position is based in Canada and reports directly to Frank Joly, Director of Data Engineering. The role centers on building and maintaining the data models, pipelines, and frameworks that inform business decisions. Setting technical standards for data structure, documentation, and trust is a key part of helping teams work efficiently and confidently. What you will do Design, build, and maintain scalable dbt data models that serve as the single source of truth for important business metrics. Collaborate with teams across Cozey to make sure data remains accurate and accessible. Lead initiatives to improve data quality, reliability, and the efficiency of analysis. Reporting line This position reports to Frank Joly, Director of Data Engineering. Location This role is open to candidates based in Canada.

About the RoleGreetings! I'm Dave Dowe, the Senior Manager of Security Engineering at Jane. Over the past two years, I've had the privilege of leading our dedicated team that safeguards our platform, focusing on incident response, cloud security, and essential operational functions.Our Security Operations team stands as the frontline of our security program. We are the initial point of contact for team inquiries, diligently monitoring alerts, triaging incidents, and being the go-to individuals when challenges arise. This role is crucial because true security is a collaborative effort; it thrives on trust and open communication between engineering and security teams. In this position, you will have the opportunity to explore AI and automation to streamline workflows, reduce repetitive tasks, and maximize your contributions.We're seeking a candidate who perceives security as a partnership rather than a barrier. You will manage a security service desk, respond to and act upon alerts across our tools, and participate in on-call rotations, all while genuinely supporting the teams you work with. Expect to work with clarity and empathy, build trust through consistent follow-through, and foster a security culture that teams are eager to engage with.This is an L2 position where you'll independently handle defined security operations tasks while closely collaborating with our Enterprise and Cloud Security engineers.Your ImpactReduce operational toil: Innovate security workflows using AI and automation, develop simple tools to ease team efforts, and share insights from your experiences, both successes and lessons learned.Build trust: Foster strong relationships with engineering and cloud teams by addressing security requests with genuine care, clear communication, and dependable follow-through, encouraging teams to seek your guidance early on.Own alert triage and incident response: Ensure prompt and thorough investigation of security findings, escalate issues appropriately, and maintain clear documentation for team learning.Maintain security tools: Keep our security tools well-configured and updated based on hands-on experience, proactively spotting issues to prevent alert fatigue and missed threats.Collaborate in incident response: Efficiently manage on-call shifts, independently resolve incidents where possible, thoughtfully escalate when needed, and view every incident as a learning opportunity.

Overall Purpose: The Network Security Engineer will be responsible for designing and implementing robust network security solutions across all phases of network security. This includes leveraging Managed Security Services encompassing Firewalls, IDS, Proxies, and Routers to safeguard Telecommunications and third-party client networks.Roles & Responsibilities:Deliver intricate network security solutions that support customer billable projects, ensuring timely delivery while meeting both business and technical requirements.Investigate attempts or successful breaches to systems security and devise effective countermeasures.Oversee the maintenance and management of hardware, software, network firewalls, and encryption protocols.Administer security policies to regulate both physical and virtual access to systems.Provide management with insights regarding the detrimental impacts on the business resulting from theft, destruction, alteration, or denial of access to information and systems.