Senior Security Engineer

Summary

Join MagicSchool, a leading generative AI platform for teachers, as a Senior Security Engineer. Lead the development of secure engineering practices across products and infrastructure. Drive threat modeling, secure architecture, and application security in a multi-cloud environment. Collaborate with engineering, product, IT, and compliance teams. Report directly to the VP of Engineering and play a critical role in protecting systems used by educators and students. This remote (US-based) position requires hands-on experience with secure development tooling and cloud-native security. Champion secure development practices and lead security education programs.

Requirements

• At least 5 years of experience in application or cloud security, with a track record of advancing security practices in fast-paced technical environments
• Hands-on experience with secure development tooling (SAST, DAST, SCA), and cloud-native security within AWS and/or Google Cloud. Prior involvement in offensive security or red teaming
• Strong experience conducting or facilitating threat modeling, whether using formal frameworks (e.g., STRIDE, PASTA) or more lightweight and iterative team-based approaches
• Ability to communicate complex security topics to both technical and non-technical stakeholders. Skilled in influencing engineering teams and leading by example
• Experience coaching engineers or teams on security principles and integrating security without compromising developer velocity

Responsibilities

• Champion secure development practices including threat modeling, code reviews, and vulnerability management. Lead the evaluation and implementation of tooling such as SAST, DAST, and SCA, and build developer-friendly workflows to “shift security left.”
• Collaborate with product and engineering teams to design secure systems and deployment models grounded in zero trust principles. Serve as a trusted advisor on cloud security best practices across AWS and Google Cloud environments
• Lead security education programs for engineers and staff, including workshops, incident simulations, and best practice sharing. Coach engineers on practical security techniques and tradeoffs in the software development lifecycle
• Plan and execute internal offensive security exercises, including red team–style assessments, penetration testing, and adversary emulation
• Own and evolve security incident response playbooks. Collaborate with technical and operational teams on real-world incident response and postmortems
• Partner with IT and Compliance to support programs aligned with SOC 2, FERPA, and COPPA, ensuring engineering efforts align with our regulatory commitments

Preferred Qualifications

• Experience supporting security components of SOC 2, FERPA, or COPPA programs
• Prior experience in a high-growth startup or fast-paced engineering environment

Benefits

• Flexibility of working from home, while fostering a unique culture built on relationships, trust, communication, and collaboration with our team - no matter where they live
• Unlimited time off to empower our employees to manage their work-life balance. We work hard for our teachers and users, and encourage our employees to rest and take the time they need
• Choice of employer-paid health insurance plans so that you can take care of yourself and your family. Dental and vision are also offered at very low premiums
• Every employee is offered generous stock options, vested over 4 years
• Plus a 401k match & monthly wellness stipend