Security Engineer

Summary

Join PostHog, a remote-first company, as a Security Engineer and help enhance our security posture. You will be responsible for planning and building a security roadmap, reviewing architecture and product designs, setting up key security controls, running assessments, creating and maintaining security policies, leading incident response, and collaborating with engineers to improve security practices. PostHog values transparency, autonomy, and solving big problems. The ideal candidate possesses hands-on experience in building and running security infrastructure, strong knowledge of app, cloud, and network security, and a proven track record of leading security projects. The company offers a generous compensation package, unlimited time off, private medical insurance, pension contributions, parental leave, training budget, and various other perks.

Requirements

• Hands-on experience building and running security infrastructure
• Strong knowledge of app, cloud, and network security
• Led or owned security projects or programs before
• Self-starter who can set priorities and get stuff done
• Good at balancing security with developer experience
• Comfortable using open-source tools to solve security problems
• Big on automation and reducing manual steps
• Cloud experience (AWS, GCP, Azure – we’re on AWS)

Responsibilities

• Plan and build a practical security roadmap that fits our goals and how we work
• Review architecture and product designs to bake in security early
• Set up and run the next key controls we need – access, encryption, monitoring, etc
• Run assessments like pen tests, vuln scans, and code reviews
• Write and maintain lightweight policies and practices that people actually follow
• Lead incident response when needed – investigate, contain, and fix
• Work with engineers to improve our level of security in how we build and ship products

Preferred Qualifications

• Been a first or early hire in a security role at a startup
• Built up a security program from scratch
• Familiar with DevSecOps and related tooling
• Contributed to open-source security projects
• Implemented shift-left security practices in dev workflows

Benefits

• Generous, transparent compensation and employee-friendly equity in PostHog
• Unlimited time off with a 25-day minimum (in 2021 the team on average took 32 days off)
• Private medical insurance , including dental and vision (US and UK only)
• Pension/ 401k contributions (4% matching)
• Generous parental, bereavement and child loss leave
• Training budget and free books
• $200/month budget towards co-working or café working and $300/month for team socials
• Spill mental health chat
• $100/month budget to provide support to open-source projects
• We'll be your first investor
• Regular team off-sites (we went to Iceland in March) with carbon offsetting for work travel with Project Wren