
Senior Security Engineer
Sift · United States
- Hybrid
- Full-time
- $175,000 / year
- United States
Job highlights
- Design and implement security controls and tooling.
- Improve secure SDLC with AI-powered scanning tools.
- Manage vulnerability discovery, triage, and remediation.
- Develop automation for security detection and operations.
- Mentor engineers on secure design and practices.
About the role
About the team:
The Security Engineering team is responsible for protecting Sift’s products, infrastructure, and data while enabling our engineering organization to ship quickly and safely. We embed with product and platform teams, build and run security tooling, and design controls that scale across our cloud‑native environment. As a Senior Security Engineer, you’ll be a key technical contributor and subject‑matter expert, working on projects that materially reduce risk and strengthen Sift’s security posture.
Role:
In this role, you will design, implement, and operate security controls and tooling across Sift’s stack. You’ll work closely with Engineers, SREs, IT, and Legal/Compliance to secure our systems end‑to‑end—from application code and CI/CD pipelines to cloud infrastructure and identity. You will also help define our standards, mentor other engineers on secure practices, and contribute directly to audits and compliance efforts.
What you’ll do:
- Design and implement security controls and tooling across Sift’s infrastructure and applications (e.g., IAM policies, network controls, secrets management, endpoint protections, container and workload security).
- Embed with product and platform teams to perform security design reviews, threat modeling, and code or configuration reviews for new features and services.
- Improve the secure SDLC by integrating AI-powered scanning tools and security scanning (SAST/DAST, dependency and container scanning) into CI/CD, and by developing guardrails, templates, and best practices for engineers.
- Own or co‑own vulnerability management workflows, from discovery and triage through remediation, including defining SLAs, coordinating with service owners, and tracking closure.
- Develop automation (scripts, services, integrations) to detect misconfigurations, anomalous activity, or policy violations, and to reduce manual operational work for the security team.
- Participate in security incident response (on‑call rotation or escalation), including investigation, containment, root cause analysis, and long‑term fixes.
- Contribute to security documentation and standards, ensuring we have clear, actionable guidance for engineers on topics like authentication, authorization, data encryption, and key management.
- Support audits and assessments (e.g., SOC 2, customer security questionnaires) by providing technical details and evidence of control design and effectiveness.
- Mentor other engineers on secure design and implementation practices through pairing, reviews, training sessions, and written guidance.
What will make you a strong fit:
- 5+ years of experience in security engineering, infrastructure engineering, or application security, ideally in a B2B SaaS or cloud‑native environment.
- Hands‑on experience with at least one major public cloud platform (e.g., GCP, AWS), including IAM, networking, logging/monitoring, and security services.
- Strong proficiency in at least one programming or scripting language (e.g., Python, Go, Java, or similar) and experience using code to automate security controls or detection.
- Direct experience with AI/LLM-specific security risks (prompt injection, model supply chain, etc.).
- Demonstrated knowledge of secure application and system design, including topics like authentication/authorization, encryption in transit and at rest, least‑privilege access, and secrets management.
- Experience with security tooling such as vulnerability scanners, SAST/DAST tools, SIEM/centralized logging, endpoint protection, or cloud security posture management.
- Solid understanding of common vulnerabilities and attack patterns (e.g., OWASP Top 10, misconfigurations, supply‑chain risks) and how to mitigate them in practice.
- Ability to work cross‑functionally with engineering, IT, and compliance/legal teams, and to translate security requirements into practical implementation details.
- Clear written and verbal communication skills, including the ability to document designs and decisions and to educate others on security best practices.
- A collaborative, pragmatic approach: you’re comfortable making risk‑based decisions, proposing options, and supporting teams in implementing secure, scalable solutions.
Let’s build it together:
At Sift, we are intentionally building a diverse, equitable, and inclusive workplace. We believe that diversity drives innovation, equity is a fundamental right, and inclusion is a basic human need. We envision a place where all Sifties feel secure sharing their authentic selves and diverse experiences with their teams, their customers, and their community – ultimately using this empowerment and authenticity to build trust and create a safer Internet.
This document provides transparency around how Sift handles the personal data of job applicants: https://sift.com/recruitment-privacy
A little about us:
Sift is the AI-powered fraud platform securing digital trust for leading global businesses. Our deep investments in machine learning and user identity, a data network scoring 1 trillion events per year, and a commitment to long-term customer success empower more than 700 customers to grow fearlessly. Global brands rely on Sift to unlock growth and deliver seamless consumer experiences. Visit us at sift.com and follow us on LinkedIn.
Key skills/competency:
- Senior Security Engineer
- Cloud Security
- Application Security
- IAM
- Vulnerability Management
- Incident Response
- Secure SDLC
- Python/Go
- Threat Modeling
- SAST/DAST
Skills & topics
- Senior Security Engineer
- Security Engineering
- Cloud Security
- Application Security
- IAM
- Vulnerability Management
- Incident Response
- Secure SDLC
- Python
- Go
- AI Security
- LLM Security
- Threat Modeling
- SAST
- DAST
- B2B SaaS
- GCP
- AWS
How to get hired
- Tailor your resume: Highlight 5+ years of security engineering experience, cloud platform expertise (GCP, AWS), and programming skills (Python, Go).
- Showcase relevant experience: Emphasize hands-on work with security tools, AI/LLM security risks, and secure system design principles.
- Craft a strong cover letter: Detail your collaborative approach and ability to translate security requirements into practical solutions.
- Prepare for interviews: Be ready to discuss threat modeling, incident response scenarios, and how you've mentored others.
- Research Sift: Understand their AI-powered fraud platform and commitment to diversity and inclusion.
Frequently asked questions
- What are the key responsibilities for a Senior Security Engineer at Sift?
- As a Senior Security Engineer at Sift, you'll be responsible for designing, implementing, and operating security controls and tooling across Sift's stack. This includes working with engineers, SREs, IT, and Legal/Compliance to secure systems from application code to cloud infrastructure. You'll also improve the secure SDLC, manage vulnerability workflows, develop automation, participate in incident response, and mentor other engineers.
- What qualifications are most important for this Senior Security Engineer role at Sift?
- The most important qualifications include 5+ years of security engineering experience, hands-on experience with a major public cloud platform (GCP, AWS), proficiency in a programming/scripting language like Python or Go, and direct experience with AI/LLM security risks. Knowledge of secure application and system design, security tooling, and common vulnerabilities is also crucial.
- How does Sift approach security in its engineering processes?
- Sift's Security Engineering team embeds with product and platform teams to build and run security tooling and design scalable controls. They focus on improving the secure SDLC by integrating AI-powered scanning tools and security scanning into CI/CD pipelines, and by developing best practices and guardrails for engineers.
- What opportunities are there for professional growth as a Senior Security Engineer at Sift?
- As a Senior Security Engineer, you'll be a key technical contributor and subject-matter expert, working on projects that reduce risk and strengthen Sift's security posture. You'll have opportunities to mentor other engineers, contribute to security standards, and support audits and compliance efforts, providing a strong foundation for career advancement.
- Does Sift have a remote work policy for its Senior Security Engineer positions?
- The job description does not explicitly state a remote work policy. However, it mentions working across 'cloud-native environments' and collaborating with various teams, which often implies flexibility. Candidates should inquire about the specific work arrangement during the application process.
- What is the typical interview process for a Senior Security Engineer at Sift?
- While not explicitly detailed, typical interview processes for Senior Security Engineer roles at tech companies like Sift often involve initial recruiter screens, technical interviews focusing on security concepts, coding challenges, system design discussions, and behavioral interviews to assess cultural fit and collaboration skills.
