Senior Security Engineer IV
PagerDuty
Summary
Join PagerDuty's diverse team as a Senior Security Engineer and become a key contributor in leading security initiatives for our SaaS offerings. You will focus on application security through architecture reviews, threat modeling, and defining secure-by-design product standards. Collaborate closely with engineers across product development teams to deliver secure, reliable, and scalable solutions. This role requires a strong background in establishing security standards, coordinating with development teams, and developing secure-by-default architectures. The ideal candidate will have experience in a large enterprise environment and a passion for secure product architectures and developer experience. We offer a competitive salary and comprehensive benefits package.
Requirements
- 5+ years of experience as a Security Engineer focused on product and application security in a cloud-native, microservices environment, preferably within AWS
- Demonstrated experience with security standards and patterns for APIs, microservices, and serverless architectures, including best practices for secure SDLC integration and development
- Familiarity with cloud-native product technologies including: Vulnerability detection (e.g., Qualys/Nessus, Wiz, Snyk), SIEM (e.g., SumoLogic, LogRhythm, or Splunk), Container Security (e.g., Kubernetes, EKS), CI/CD Discipline (e.g., CircleCI, Buildkite, Helm, Terraform, Chef), Security Incident Response & Risk Management
- 4 years of experience and proficiency in at least one programming language and framework (e.g., Python, Bash, Phoenix/Elixir, Java, Ruby on Rails)
- Exceptional written, oral communication, and interpersonal skills
- Strong organizational skills with the ability to successfully manage multiple priorities and deadlines
Responsibilities
- Embrace the role of hands-on technical lead in defining product security standards and guiding platform protections
- Establish criteria and conduct comprehensive security reviews throughout all stages of product development to identify and address security risks
- Perform regular threat assessments, coordinate with third-party testers for penetration testing, and conduct internal penetration testing to identify and mitigate security risks
- Mentor and guide team members to ensure product and business objectives are prioritized in project implementations, fostering a strong documentation culture with project charters and design documents
- Work with loosely defined requirements where you exercise your analytical skills to clarify questions, share your approach, and collaborate with the team to design and implement effective security frameworks. Maintain a strong appetite for challenging problems with a high degree of ownership
- Participate in the team's On-Call rotation, triaging and addressing security issues as they arise, and implement measures to prevent future occurrences
- Enable service team security implementations by developing security-as-code constructs, including infrastructure-as-code (IaC) modules, libraries and frontend components, while creating and maintaining developer-focused documentation to promote easy adoption
- Establish and uphold baseline standards and hardened configurations for platform components
- Continuously enhance security frameworks by focusing on product security standards and software supply chain protections, tailored for application security in cloud-native, microservices environments
Preferred Qualifications
- Strong hands-on experience in deploying secure coding practices, automation, threat modeling and application security solutions
- Strong understanding of modern application architectures, including microservices, containerization, and cloud-native applications
- Experience with obtaining and maintaining FedRAMP authorization
- Experience working at a SaaS company larger than 1,000 employees and $100M in revenue
- Ability to analyze complex problems and implement solutions, with a growing proficiency in change management
- Demonstrates a strong sense of ownership and a commitment to excellence in securing systems within a SaaS environment, with the ability to identify and implement resilient, effective product security measures
- Proven history of mentoring and coaching
Benefits
- Competitive salary
- Comprehensive benefits package from day one
- Flexible work arrangements
- Generous paid vacation time
- Paid holidays and sick leave
- Dutonian Wellness Days - scheduled company-wide paid days off in addition to PTO
- Company equity*
- ESPP (Employee Stock Purchase Program)*
- Retirement or pension plan*
- Paid parental leave - up to 22 weeks for pregnant parent, up to 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)*
- HibernationDuty - an annual company-paid week off when everyone at PagerDuty, with the exception of a small coverage crew, is asked to take a much-needed break to truly disconnect and recharge
- Paid volunteer time off - 20 hours per year
- Company-wide hack weeks
- Mental wellness programs