Staff Security Engineer

Summary

Join Fullstory's Security Engineering team as a remote Security Engineer and champion the integration of security throughout the company. You will support engineers across the Secure Development Lifecycle (SDL), collaborate on architecting secure services, perform security assessments, develop security tooling automation, and support third-party consultants. You will also craft and deliver security training. This role requires 5+ years of experience in software security, proficiency in multiple programming languages, and experience in threat modeling, penetration testing, and code reviews. Fullstory offers a competitive salary, remote work flexibility, comprehensive benefits, professional development opportunities, and a supportive work environment.

Requirements

• Has 5+ years of experience working in software security roles or performing similar types of work (e.g. application security, security engineering, product security, security research)
• Able to read and write software in two or more of the following languages: Go, Rust, Objective-C, React Native, or Python
• Proficient in identifying vulnerability classes, performing root cause analysis, defining remediation paths in code, technical coordination with engineers, and verifying fixes
• Has direct experience in activities such as threat modeling, penetration testing, creating security requirements, performing source code reviews, or leading security design reviews
• Has experience building sustainable security programs with an emphasis on customer service, partnership, and enablement of software engineering and product stakeholders

Responsibilities

• Support engineers across the SDL as a security subject matter expert, including design reviews, threat modeling, code review, patch creation, and penetration testing
• Collaborate with product and engineering on architecting resilient, security-first services
• Perform deep, technical security assessments to ensure services follow secure design principles across our engineering portfolio
• Develop automation of high-signal security tooling through customizations and plugins
• Support third-party security consultants to provide external validation of product security
• Craft and deliver interactive security training courses to support engineer enablement

Benefits

• Remote work environment
• Flexible paid time off
• Annual company-wide closure
• Sponsored benefit packages for US-based Fullstorians, and supplemental coverage options for international Fullstorians
• Professional development opportunities through training programs, career coaching sessions, and an annual learning subsidy
• Monthly productivity stipend
• Reimburse remote colleagues for their initial home office set up
• Employee Resource Group events
• Listening & Alignment weeks
• Team off-sites
• Paid parental leave
• Global fertility and family building benefit
• Bereavement leave
• Miscarriage/Pregnancy loss leave