Skip to main content
Sift

Senior Security Engineer

5w

Sift

San Francisco, US · Full-time · $145,000 – $200,000

About this role

The Security Engineering team protects Sift’s products, infrastructure, and data while enabling quick and safe shipping. As a Senior Security Engineer, you’ll be a key technical contributor and subject‑matter expert, working on projects that materially reduce risk and strengthen Sift’s security posture.

In this role, you will design, implement, and operate security controls and tooling across the stack. You’ll work closely with Engineers, SREs, IT, and Legal/Compliance to secure systems end‑to‑end—from application code and CI/CD pipelines to cloud infrastructure and identity.

You’ll embed with product and platform teams to perform security design reviews, threat modeling, and code or configuration reviews for new features and services. You will also improve the secure SDLC by integrating AI‑powered scanning tools, security scanning into CI/CD, and developing guardrails and best practices.

You’ll own or co‑own vulnerability management workflows, from discovery through remediation, and develop automation to detect misconfigurations or anomalous activity. Additionally, you will participate in incident response, contribute to security documentation, support audits, and mentor other engineers on secure practices.

Requirements

  • 5+ years of experience in security engineering, infrastructure engineering, or application security, ideally in a B2B SaaS or cloud‑native environment.
  • Hands‑on experience with at least one major public cloud platform (e.g., GCP, AWS), including IAM, networking, logging/monitoring, and security services.
  • Strong proficiency in at least one programming or scripting language (e.g., Python, Go, Java, or similar) and experience using code to automate security controls or detection.
  • Direct experience with AI/LLM-specific security risks (prompt injection, model supply chain, etc.).
  • Demonstrated knowledge of secure application and system design, including authentication/authorization, encryption in transit and at rest, least‑privilege access, and secrets management.
  • Experience integrating security scanning tools (SAST/DAST, container scanning) into CI/CD pipelines and managing vulnerability workflows.
  • Familiarity with compliance frameworks such as SOC 2 and ability to provide technical evidence for audits and customer security questionnaires.

Responsibilities

  • Design and implement security controls and tooling across Sift’s infrastructure and applications (e.g., IAM policies, network controls, secrets management, endpoint protections, container and workload security).
  • Embed with product and platform teams to perform security design reviews, threat modeling, and code or configuration reviews for new features and services.
  • Improve the secure SDLC by integrating AI-powered scanning tools, security scanning (SAST/DAST, dependency and container scanning) into CI/CD, and developing guardrails, templates, and best practices for engineers.
  • Own or co‑own vulnerability management workflows, from discovery and triage through remediation, including defining SLAs, coordinating with service owners, and tracking closure.
  • Develop automation (scripts, services, integrations) to detect misconfigurations, anomalous activity, or policy violations, and to reduce manual operational work for the security team.
  • Participate in security incident response (on‑call rotation or escalation), including investigation, containment, root cause analysis, and long‑term fixes.
  • Contribute to security documentation and standards, ensuring clear, actionable guidance for engineers on topics like authentication, authorization, data encryption, and key management.
  • Mentor other engineers on secure design and implementation practices through pairing, reviews, training sessions, and written guidance.