Senior Security Engineer

Summary

Join Iterable's growing security team as a Senior Security Engineer. You will perform risk assessments, build automated security testing frameworks, and integrate security tools into the CI/CD pipeline. Responsibilities include incident response, developing threat detection strategies, and collaborating with engineering teams on secure coding practices. The ideal candidate has 3-5 years of experience in a relevant security role, strong programming skills, and a deep understanding of application security principles. Iterable offers a competitive salary, equity, and a comprehensive benefits package, including paid parental leave, medical insurance, and various allowances.

Requirements

• 3-5 years of experience as a security engineer, cloud/platform security engineer, software engineer, site reliability engineer, or a comparable like position
• Competency in one or more programming languages (bonus points for Scala experience)
• Strong knowledge of application security principles, including secure coding, threat modeling, and common application vulnerabilities (e.g., OWASP Top 10)
• Familiarity with Github and / or Gitlab workflows
• Interest or experience in both the development of security guardrails and the shift-left paradigm
• Strong analytical and problem-solving skills, with the ability to work independently and as part of a collaborative team
• You are seeking to contribute to a high-growth environment and play a key role in building new programs from the ground up
• You care about the details, and are willing to ask questions when you’re unsure
• You are comfortable handling the unknown, and seek to bring clarity in ambiguous situations

Responsibilities

• Perform risk assessments, architectural designs, threat models, code reviews, and more—pragmatically balancing security with other business considerations
• Build and enhance automated security testing frameworks, incorporating tools like static and dynamic analysis to identify vulnerabilities early in the development process
• Drive the integration of security tools into the CI/CD pipeline, ensuring continuous monitoring and automated threat detection across applications and infrastructure
• Partner cross-functionally for security monitoring & incident response; proposing & building security detections and runbooks
• Respond to security incidents, security vulnerabilities, and security events. Investigate, analyze, and coordinate remediation activities, ensuring quick containment and long-term improvements
• Develop and implement threat detection strategies, propose detection rules to monitor for emerging threats and vulnerabilities in real-time
• Partner with engineering teams to implement secure coding practices, provide security training, and integrate security-first mindset into development workflows
• Stay current with evolving security threats, vulnerabilities, and best practices, sharing insights with cross-functional teams to strengthen security measures

Preferred Qualifications

• Experience with security automation, including incident response and remediation workflows
• Knowledge of endpoint detection and response tools, and experience with incident investigations in a cloud environment
• Experience with Static and/or Dynamic Application Security Testing
• Experience working with SIEMs
• Experience with cloud security practices, specifically in AWS, GCP, or Azure, and a solid understanding of cloud infrastructure vulnerabilities and best practices
• Working knowledge of Kubernetes environments, or have designed and applied Kubernetes security policies (e.g. OPA Gatekeeper, Kyverno)
• Experience with GenAI and LLMs

Benefits

• Paid parental leave
• Competitive salaries, meaningful equity, & 401(k) plan
• Medical, dental, vision, & life insurance
• Balance Days (additional paid holidays)
• Fertility & Adoption Assistance
• Paid Sabbatical
• Flexible PTO
• Monthly Employee Wellness allowance
• Monthly Professional Development allowance
• Pre-tax commuter benefits
• Complete laptop workstation