Senior Security Engineer

Sift


Job Location:

Seattle, OR - USA

Monthly Salary: $ 145 - 200
Posted on: 8 hours ago
Vacancies: 1 Vacancy

Department:

Engineering

Job Summary

About the team:


The Security Engineering team is responsible for protecting Sift's products, infrastructure, and data while enabling our engineering organization to ship quickly and safely. We embed with product and platform teams, build and run security tooling, and design controls that scale across our cloud-native environment. As a Senior Security Engineer, you'll be a key technical contributor and subject-matter expert, working on projects that materially reduce risk and strengthen Sift's security posture.

Role:
In this role, you will design, implement, and operate security controls and tooling across Sift's stack. You'll work closely with Engineers, SREs, IT, and Legal/Compliance to secure our systems end to end, from application code and CI/CD pipelines to cloud infrastructure and identity. You will also help define our standards, mentor other engineers on secure practices, and contribute directly to audits and compliance efforts.

What you'll do:

  • Design and implement security controls and tooling across Sift's infrastructure and applications (e.g. IAM policies, network controls, secrets management, endpoint protections, container and workload security).

  • Embed with product and platform teams to perform security design reviews, threat modeling, and code or configuration reviews for new features and services.

  • Improve the secure SDLC by integrating AI-powered scanning tools and security scanning (SAST/DAST, dependency and container scanning) into CI/CD and by developing guardrails, templates, and best practices for engineers.

  • Own or co-own vulnerability management workflows from discovery and triage through remediation, including defining SLAs, coordinating with service owners, and tracking closure.

  • Develop automation (scripts, services, integrations) to detect misconfigurations, anomalous activity, or policy violations and to reduce manual operational work for the security team.

  • Participate in security incident response (on-call rotation or escalation), including investigation, containment, root cause analysis, and long-term fixes.

  • Contribute to security documentation and standards, ensuring we have clear, actionable guidance for engineers on topics like authentication, authorization, data encryption, and key management.

  • Support audits and assessments (e.g. SOC 2, customer security questionnaires) by providing technical details and evidence of control design and effectiveness.

  • Mentor other engineers on secure design and implementation practices through pairing, reviews, training sessions, and written guidance.

What will make you a strong fit:

  • 5 years of experience in security engineering, infrastructure engineering, or application security, ideally in a B2B SaaS or cloud-native environment.

  • Hands-on experience with at least one major public cloud platform (e.g. GCP, AWS), including IAM, networking, logging/monitoring, and security services.

  • Strong proficiency in at least one programming or scripting language (e.g. Python, Go, Java, or similar) and experience using code to automate security controls or detection.

  • Direct experience with AI/LLM-specific security risks (prompt injection, model supply chain, etc.)

  • Demonstrated knowledge of secure application and system design, including topics like authentication/authorization, encryption in transit and at rest, least-privilege access, and secrets management.

  • Experience with security tooling such as vulnerability scanners, SAST/DAST tools, SIEM/centralized logging, endpoint protection, or cloud security posture management.

  • Solid understanding of common vulnerabilities and attack patterns (e.g. OWASP Top 10, misconfigurations, supply-chain risks) and how to mitigate them in practice.

  • Ability to work cross-functionally with engineering, IT, and compliance/legal teams and to translate security requirements into practical implementation details.

  • Clear written and verbal communication skills, including the ability to document designs and decisions and to educate others on security best practices.

  • A collaborative, pragmatic approach: you're comfortable making risk-based decisions, proposing options, and supporting teams in implementing secure, scalable solutions.

Let's build it together:

At Sift, we are intentionally building a diverse, equitable, and inclusive workplace. We believe that diversity drives innovation, equity is a fundamental right, and inclusion is a basic human need. We envision a place where all Sifties feel secure sharing their authentic selves and diverse experiences with their teams, their customers, and their community, ultimately using this empowerment and authenticity to build trust and create a safer Internet.

This document provides transparency around how Sift handles the personal data of job applicants:

A little about us:
Sift is the AI-powered fraud platform securing digital trust for leading global businesses. Our deep investments in machine learning and user identity, a data network scoring 1 trillion events per year, and a commitment to long-term customer success empower more than 700 customers to grow fearlessly. Global brands rely on Sift to unlock growth and deliver seamless consumer experiences. Visit us at
and follow us on LinkedIn.


Required Experience:

Senior IC

About Company

Sift’s fraud prevention and risk-based authentication platform empowers digital businesses to grow fearlessly and reduce risk without compromising trust.
