Senior Security Engineer

About the team: The Security Engineering team is responsible for protecting Sift’s products, infrastructure, and data while enabling our engineering organization to ship quickly and safely. We embed with product and platform teams, build and run security tooling, and design controls that scale across our cloud‑native environment. As a Senior Security Engineer, you’ll be a key technical contributor and subject‑matter expert, working on projects that materially reduce risk and strengthen Sift’s security posture. Role: In this role, you will design, implement, and operate security controls and tooling across Sift’s stack. You’ll work closely with Engineers, SREs, IT, and Legal/Compliance to secure our systems end‑to‑end—from application code and CI/CD pipelines to cloud infrastructure and identity. You will also help define our standards, mentor other engineers on secure practices, and contribute directly to audits and compliance efforts. What you’ll do: Design and implement security controls and tooling across Sift’s infrastructure and applications (e.g., IAM policies, network controls, secrets management, endpoint protections, container and workload security). Embed with product and platform teams to perform security design reviews, threat modeling, and code or configuration reviews for new features and services. Improve the secure SDLC by integrating AI-powered scanning tools, security scanning (SAST/DAST, dependency and container scanning) into CI/CD, and by developing guardrails, templates, and best practices for engineers. Own or co‑own vulnerability management workflows, from discovery and triage through remediation, including defining SLAs, coordinating with service owners, and tracking closure. Develop automation (scripts, services, integrations) to detect misconfigurations, anomalous activity, or policy violations, and to reduce manual operational work for the security team. Participate in security incident response (on‑call rotation or escalation), including investigation, containment, root cause analysis, and long‑term fixes. Contribute to security documentation and standards, ensuring we have clear, actionable guidance for engineers on topics like authentication, authorization, data encryption, and key management. Support audits and assessments (e.g., SOC 2, customer security questionnaires) by providing technical details and evidence of control design and effectiveness. Mentor other engineers on secure design and implementation practices through pairing, reviews, training sessions, and written guidance. What will make you a strong fit: 5+ years of experience in security engineering, infrastructure engineering, or application security, ideally in a B2B SaaS or cloud‑native environment. Hands‑on experience with at least one major public cloud platform (e.g., GCP, AWS), including IAM, networking, logging/monitoring, and security services. Strong proficiency in at least one programming or scripting language (e.g., Python, Go, Java, or similar) and experience using code to automate security controls or detection. Direct experience with AI/LLM-specific security risks (prompt injection, model supply chain, etc.) Demonstrated knowledge of secure application and system design, including topics like authentication/authorization, encryption in transit and at rest, least‑privilege access, and secrets management. Experience with security tooling such as vulnerability scanners, SAST/DAST tools, SIEM/centralized logging, endpoint protection, or cloud security posture management. Solid understanding of common vulnerabilities and attack patterns (e.g., OWASP Top 10, misconfigurations, supply‑chain risks) and how to mitigate them in practice. Ability to work cross‑functionally with engineering, IT, and compliance/legal teams, and to translate security requirements into practical implementation details. Clear written and verbal communication skills, including the ability to document designs and decisions and to educate others on security best practices. A collaborative, pragmatic approach: you’re comfortable making risk‑based decisions, proposing options, and supporting teams in implementing secure, scalable solutions. Let’s build it together: At Sift, we are intentionally building a diverse, equitable, and inclusive workplace. We believe that diversity drives innovation, equity is a fundamental right, and inclusion is a basic human need. We envision a place where all Sifties feel secure sharing their authentic selves and diverse experiences with their teams, their customers, and their community – ultimately using this empowerment and authenticity to build trust and create a safer Internet. This document provides transparency around how Sift handles the personal data of job applicants: https://sift.com/recruitment-privacy A little about us: Sift is the AI-powered fraud platform securing digital trust for leading global businesses. Our deep investments in machine learning and user identity, a data network scoring 1 trillion events per year, and a commitment to long-term customer success empower more than 700 customers to grow fearlessly. Global brands rely on Sift to unlock growth and deliver seamless consumer experiences. Visit us at sift.com and follow us on LinkedIn.