Senior Security Engineer 3

PagerDuty
Summary
Join PagerDuty's diverse team as a Senior Security Engineer and play a key role in leading and delivering security initiatives for our SaaS offerings. You will focus on application and product security, collaborating closely with engineering teams to ensure secure, reliable, and scalable solutions. This role involves defining product security standards, conducting security reviews, performing threat assessments, and mentoring team members. The ideal candidate will have experience in large and small enterprise environments, establishing security standards, and working with product development teams. You will be a hands-on technical lead, contributing to a secure-by-design approach and fostering a strong documentation culture. This exciting opportunity allows you to build security solutions that benefit both developers and customers.
Requirements
- Proficiency with Application & Product Security typically associated with 4 - 5 years of experience in a Security Engineering role working with a cloud-native, microservices environment, preferably AWS
- Familiarity with cloud-native product technologies including: Vulnerability detection via multiple approaches including SAST, DAST, SCA, and runtime (e.g., Qualys/Nessus, Wiz, Snyk, GHAS, Semgrep, etc.)
- CI/CD technologies and integrations (e.g., CircleCI, Buildkite, Helm, Terraform, Chef)
- Product security event logging standards and analysis tools (e.g., SIEM such as: SumoLogic, LogRythm, or Splunk, etc.)
- Security Incident Response & Risk Management processes and tools
- Proficiency in at least one programming language and framework (e.g. Python, Bash, Phoenix/Elixir, Java, Ruby on Rails), typically associated with 3 - 4 years of experience with the language/framework
- Have exceptional written, oral communication, and interpersonal skills
- Organizational skills with the ability to successfully manage multiple priorities and deadlines
Responsibilities
- Embrace the role of hands-on technical lead in defining product security standards and guiding platform protections
- Establish criteria and conduct comprehensive security reviews throughout all stages of product development to identify and address security risks
- Perform regular threat assessments, coordinate with third-party testers for penetration testing, and conduct internal penetration testing to identify and mitigate security risks
- Mentor and guide team members to ensure product and business objectives are prioritized in project implementations, fostering a strong documentation culture with project charters and design documents
- Work with loosely defined requirements where you exercise your analytical skills to clarify questions, share your approach, and collaborate with the team to design and implement effective security frameworks. Maintain a strong appetite for challenging problems with a high degree of ownership
- Participate in the teamβs On-Call rotation, triaging and addressing security issues as they arise, and implement measures to prevent future occurrences
- Enable service team security implementations by developing security-as-code constructs, including infrastructure-as-code (IaC) modules, libraries and frontend components, while creating and maintaining developer-focused documentation to promote easy adoption
- Establish and uphold baseline standards and hardened configurations for platform components
- Continuously enhance security frameworks by focusing on product security standards and software supply chain protections, tailored for application security in cloud-native, microservices environments
Preferred Qualifications
- Ability to analyze complex problems, develop solutions under guidance, and assist in implementing these solutions with a growing set of change management skills
- Possesses a strong sense of ownership and a keen discernment for excellence in securing systems within a SaaS environment, demonstrating the ability to distinguish what constitutes truly robust and effective product security
- Current or past experience with obtaining and maintaining FedRAMP authorization
- Experience working at a SaaS company larger than 1000 employees and $100M in revenue
- Familiarity with Cloud Infrastructure security (such as AWS GuardDuty, AWS CloudTrail, AWS Secrets Manager, AWS IAM & Identity Center, AWS Control Tower, Azure Security Center, Microsoft Defender for Cloud, etc.)
- Familiarity with Container Security (e.g., Kubernetes, EKS, AKS, service mesh, baseline/benchmark hardening, identity and secrets orchestration, etc.)
- Demonstrated history of mentoring and coaching
Benefits
- Competitive salary
- Comprehensive benefits package from day one
- Flexible work arrangements
- Generous paid vacation time
- Paid holidays and sick leave
- Dutonian Wellness Days - scheduled company-wide paid days off in addition to PTO
- Company equity*
- ESPP (Employee Stock Purchase Program)*
- Retirement or pension plan*
- Paid parental leave - up to 22 weeks for pregnant parent, up to 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)*
- HibernationDuty - an annual company paid week off when everyone at PagerDuty, with the exception of a small, coverage crew, is asked to take a much needed break to truly disconnect and recharge
- Paid volunteer time off - 20 hours per year
- Company-wide hack weeks
- Mental wellness programs