Senior Security Engineer

Summary

Join Scribd's Infrastructure Security team as a Senior Security Engineer and play a vital role in securing our applications and cloud infrastructure. You will be responsible for configuring and maintaining security tooling, analyzing security findings, participating in threat modeling, staying current with security trends, and performing incident response. This role requires 3+ years of experience in security engineering, a deep understanding of web application security, proficiency in at least one backend language, and familiarity with security frameworks and regulations. Scribd offers a competitive compensation package including a comprehensive benefits package, equity ownership, and flexible work arrangements through Scribd Flex, with occasional in-person attendance required. We prioritize a culture of collaboration, innovation, and a commitment to achieving long-term goals.

Requirements

• 3+ years of experience in a security engineering role or an equivalent blend of software and security engineering experience
• Proven ability to take ownership of high-impact projects, working cross-functionally with product, design, and engineering teams to deliver results on time
• Ability to define security plans and goals, influence roadmaps, and effectively communicate security concepts to engineers, leadership, and executives, ensuring alignment and driving adoption of security best practices
• A deep understanding of securing web applications
• Proficiency in at least one backend language (preferably Ruby, Python, or Go) and familiarity with a frontend stack (preferably React)
• Familiarity with security frameworks (e.g., NIST SSDF) and regulations (e.g., GDPR, PCI)
• Experience with Infrastructure-as-Code technologies like Terraform or CloudFormation
• Experience with SIEM technologies such as Splunk or Elasticsearch
• Experience performing manual secure code reviews

Responsibilities

• Configure, maintain, and integrate security tooling (SCA, SAST, bug bounty platforms) into our SDLC
• Analyze security tool findings, prioritize risks, identify systemic issues, and collaborate with teams to remediate them
• Participate in threat modeling and secure design to minimize attack surface and risks, helping developers ship more securely and fostering a strong security culture
• Stay current with security trends, tracking emerging threats and advances in security technology, and recommend new tools or processes to continually improve our security posture
• Perform incident response for potential and confirmed security breaches
• Develop automated solutions for repetitive security-related tasks and foundational guardrails to ensure security compliance
• Provide subject matter expertise in Information, Cloud, and Application Security to other engineering teams
• Conduct “Red Team”-style assessments, including network analysis, web application vulnerability assessments, and manual validation of security controls

Benefits

• Healthcare Insurance Coverage (Medical/Dental/Vision): 100% paid for employees
• 12 weeks paid parental leave
• Short-term/long-term disability plans
• 401k/RSP matching
• Onboarding stipend for home office peripherals + accessories
• Tuition Reimbursement
• Learning & Development programs
• Quarterly stipend for Wellness, Connectivity & Comfort
• Mental Health support & resources
• Free subscription to Scribd + gift memberships for friends & family
• Referral Bonuses
• Book Benefit
• Sabbaticals
• Company wide events
• Team engagement budgets
• Vacation & Personal Days
• Paid Holidays (+ winter break)
• Flexible Sick Time
• Volunteer Day
• Company-wide Employee Resource Groups & DE&I Programs