Senior Security Engineer

Summary

Join Runwise, a fast-paced climate-tech startup, as a Senior Security Engineer. You will play a critical role in protecting our platform, infrastructure, and users by collaborating with development and infrastructure teams. Responsibilities include embedding security into system architecture, enforcing security best practices, building security tooling and automation, managing secrets and data protection, defining security SLAs, responding to security incidents, leading security reviews, and staying ahead of emerging threats. The ideal candidate has 5+ years of experience in software or infrastructure security, expertise in securing cloud environments (especially AWS), strong grasp of modern security practices, and proficiency with various security tools. A proactive approach, excellent communication skills, and passion for sustainability are essential. Runwise offers competitive salary, comprehensive benefits, and a hybrid work environment.

Requirements

• 5+ years of experience in software or infrastructure security roles
• Proven expertise in securing cloud environments (especially AWS) and distributed systems
• Strong grasp of modern authentication, encryption, and secure software development practices
• Proficiency with security tooling such as SAST/DAST scanners, SIEM, IAM analyzers, and container scanning tools
• Familiarity with infrastructure-as-code tools (e.g., CloudFormation, Ansible)
• Comfortable writing and reviewing code/scripts (Python, Go, and Bash preferred)
• Excellent communication skills with a bias toward documentation and cross-functional collaboration
• A proactive, product-minded approach and passion for sustainability and climate-tech

Responsibilities

• Partner with product and infrastructure teams to embed security into system architecture and software design
• Design and enforce application and platform security best practices across our services and APIs
• Build tooling and automation for threat detection, vulnerability scanning, and secure code analysis
• Manage and improve secrets management, IAM policies, and data protection in AWS and edge deployments
• Define and track security-related SLAs and risk indicators across services
• Respond to and manage security incidents, including root cause analysis and post-incident reviews
• Lead regular security reviews, risk assessments, penetration tests, and red/blue team exercises
• Stay ahead of emerging threats and continuously improve our defense posture

Preferred Qualifications

Experience managing security in CI/CD pipelines (GitHub Actions experience a plus)

Benefits

• Medical, dental, and vision insurance
• HSA & FSA options
• Paid Parental Leave
• Access to Talkspace & Health Advocate
• Flexible PTO
• Commuter Benefits
• 401K
• Company-paid life insurance
• Voluntary supplemental life insurance
• Free in-office lunch on Wednesdays
• Hybrid work environment
• Summer Fridays
• Monthly L&D Series
• Employee Resource Groups (e.g. DEIB Committee, Run Club)