Senior Security Engineer

Summary

Join Arkestro's Security team as a Senior Security Engineer to lead application security efforts. Collaborate with engineers, designers, and product managers to embed security into the development lifecycle. Proactively identify and remediate security risks in code, architecture, and the SDLC. Drive threat modeling, security reviews, and tooling adoption. Build and maintain security-focused tooling and automation. Participate in incident response and postmortem processes. Represent the security team in product planning meetings. Contribute to secure development standards and training. This role requires strong cross-functional collaboration and experience in fast-paced product environments.

Responsibilities

• Lead application security initiatives across multiple teams, proactively identifying and remediating risks in our code, architecture, and SDLC
• Collaborate with product engineers to design secure features and advocate for security best practices
• Drive threat modeling, security reviews, and tooling adoption to strengthen our security posture without hindering velocity
• Build and maintain security-focused tooling, automation, and CI/CD integrations to enable secure-by-default development
• Participate in security incident response and postmortem processes; help mature our detection and response capabilities
• Represent the security team in product planning meetings and drive alignment on secure architecture decisions
• Contribute to and maintain secure development standards and training to upskill engineering teams
• Participate in an on-call rotation, including handling security-related escalations

Preferred Qualifications

• 5+ years of experience working on or closely with engineering teams to secure customer-facing applications
• 4+ years experience securing (writing code) full-stack applications using modern JavaScript frameworks (React, TypeScript, NextJS) and backend technologies (Rails/Ruby preferred)
• 3+ years experience building or reviewing authentication, authorization, and session management flows
• 2+ years experience working in cloud-native environments (AWS preferred) with knowledge of container and service mesh security (e.g., Kubernetes, Istio)
• Familiarity with secure coding practices, static and dynamic analysis (e.g., Github Advanced Security, Semgrep, Snyk)
• Strong understanding of web application vulnerabilities (e.g., OWASP Top 10), threat modeling, and secure design principles
• Experience conducting security code reviews and participating in SDLC security checkpoints
• Experience establishing security controls and processes in fast-paced environments
• Experience with incident response, security alert triage, or on-call rotations
• Hands-on experience with observability and alerting tools (e.g., Datadog, PagerDuty)

Benefits

• Competitive salary and startup equity
• Medical, Dental, Vision insurance premiums covered up to 100% (employee only)
• 401K matching
• Unlimited PTO
• A remote-first team with regular opportunities to get together in person for team building, design sprints, and customer visits
• A one time allowance of $1,500 for home office supplies
• Annual budget of $1,000 for learning and professional development
• Diverse, inclusive, highly collaborative, and vibrant culture