Senior Security Engineer

External

Sift · Seattle, WA

$145K–$200K/yrFull-timeOn-siteToday

Application SecurityAWSCI/CDCloud SecurityComplianceDocumentation

Cover Letter Connect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

About the role

The Security Engineering team is responsible for protecting Sift's products, infrastructure, and data while enabling our engineering organization to ship quickly and safely. We embed with product and platform teams, build and run security tooling, and design controls that scale across our cloud‑native environment. As a Senior Security Engineer , you'll be a key technical contributor and subject‑matter expert, working on projects that materially reduce risk and strengthen Sift's security posture. Role: In this role, you will design, implement, and operate security controls and tooling across Sift's stack. You'll work closely with Engineers, SREs, IT, and Legal/Compliance to secure our systems end‑to‑end-from application code and CI/CD pipelines to cloud infrastructure and identity. You will also help define our standards, mentor other engineers on secure practices, and contribute directly to audits and compliance efforts.

Responsibilities

Design and implement security controls and tooling across Sift's infrastructure and applications (e.g., IAM policies, network controls, secrets management, endpoint protections, container and workload security).

Embed with product and platform teams to perform security design reviews, threat modeling, and code or configuration reviews for new features and services.

Improve the secure SDLC by integrating AI-powered scanning tools, security scanning (SAST/DAST, dependency and container scanning) into CI/CD, and by developing guardrails, templates, and best practices for engineers.

Own or co‑own vulnerability management workflows , from discovery and triage through remediation, including defining SLAs, coordinating with service owners, and tracking closure.

Develop automation (scripts, services, integrations) to detect misconfigurations, anomalous activity, or policy violations, and to reduce manual operational work for the security team.

Participate in security incident response (on‑call rotation or escalation), including investigation, containment, root cause analysis, and long‑term fixes.

Contribute to security documentation and standards , ensuring we have clear, actionable guidance for engineers on topics like authentication, authorization, data encryption, and key management.

Support audits and assessments (e.g., SOC 2, customer security questionnaires) by providing technical details and evidence of control design and effectiveness.

Mentor other engineers on secure design and implementation practices through pairing, reviews, training sessions, and written guidance.

What will make you a strong fit:

5+ years of experience in security engineering, infrastructure engineering, or application security , ideally in a B2B SaaS or cloud‑native environment.

Hands‑on experience with at least one major public cloud platform (e.g., GCP, AWS), including IAM, networking, logging/monitoring, and security services.

Strong proficiency in at least one programming or scripting language (e.g., Python, Go, Java, or similar) and experience using code to automate security controls or detection.

Direct experience with AI/LLM-specific security risks (prompt injection, model supply chain, etc.)

Demonstrated knowledge of secure application and system design , including topics like authentication/authorization, encryption in transit and at rest, least‑privilege access, and secrets management.

Experience with security tooling such as vulnerability scanners, SAST/DAST tools, SIEM/centralized logging, endpoint protection, or cloud security posture management.

Solid understanding of common vulnerabilities and attack patterns (e.g., OWASP Top 10, misconfigurations, supply‑chain risks) and how to mitigate them in practice.

Ability to work cross‑functionally with engineering, IT, and compliance/legal teams, and to translate security requirements into practical implementation details.

Clear written and verbal communication skills, including the ability to document designs and decisions and to educate others on security best practices.

A collaborative, pragmatic approach: you're comfortable making risk‑based decisions, proposing options, and supporting teams in implementing secure, scalable solutions.

Let's build it together:

This document provides transparency around how Sift handles the personal data of job applicants: https://sift.com/recruitment-privacy

A little about us:

Sift is the AI-powered fraud platform securing digital trust for leading global businesses. Our deep investments in machine learning and user identity,

Senior Security Engineer

About the role

Responsibilities

Benefits

Your Match

Company Intel

What employees say

Interested in this role?