Summary
Join MagicSchool, a leading generative AI platform for teachers, as a Senior Security Engineer. Lead the development of secure engineering practices across products and infrastructure. Drive threat modeling, secure architecture, and application security in a multi-cloud environment. Collaborate with engineering, product, IT, and compliance teams. Report directly to the VP of Engineering and play a critical role in protecting systems used by educators and students. This remote (US-based) position requires hands-on experience with secure development tooling and cloud-native security. Champion secure development practices and lead security education programs.
Requirements
- At least 5 years of experience in application or cloud security, with a track record of advancing security practices in fast-paced technical environments
- Hands-on experience with secure development tooling (SAST, DAST, SCA), and cloud-native security within AWS and/or Google Cloud. Prior involvement in offensive security or red teaming
- Strong experience conducting or facilitating threat modeling, whether using formal frameworks (e.g., STRIDE, PASTA) or more lightweight and iterative team-based approaches
- Ability to communicate complex security topics to both technical and non-technical stakeholders. Skilled in influencing engineering teams and leading by example
- Experience coaching engineers or teams on security principles and integrating security without compromising developer velocity
Responsibilities
- Champion secure development practices including threat modeling, code reviews, and vulnerability management. Lead the evaluation and implementation of tooling such as SAST, DAST, and SCA, and build developer-friendly workflows to โshift security left.โ
- Collaborate with product and engineering teams to design secure systems and deployment models grounded in zero trust principles. Serve as a trusted advisor on cloud security best practices across AWS and Google Cloud environments
- Lead security education programs for engineers and staff, including workshops, incident simulations, and best practice sharing. Coach engineers on practical security techniques and tradeoffs in the software development lifecycle
- Plan and execute internal offensive security exercises, including red teamโstyle assessments, penetration testing, and adversary emulation
- Own and evolve security incident response playbooks. Collaborate with technical and operational teams on real-world incident response and postmortems
- Partner with IT and Compliance to support programs aligned with SOC 2, FERPA, and COPPA, ensuring engineering efforts align with our regulatory commitments
Preferred Qualifications
- Experience supporting security components of SOC 2, FERPA, or COPPA programs
- Prior experience in a high-growth startup or fast-paced engineering environment
Benefits
- Flexibility of working from home, while fostering a unique culture built on relationships, trust, communication, and collaboration with our team - no matter where they live
- Unlimited time off to empower our employees to manage their work-life balance. We work hard for our teachers and users, and encourage our employees to rest and take the time they need
- Choice of employer-paid health insurance plans so that you can take care of yourself and your family. Dental and vision are also offered at very low premiums
- Every employee is offered generous stock options, vested over 4 years
- Plus a 401k match & monthly wellness stipend
Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.