Sr. Software Engineer, Security (Pipedream)

About the role

The Pipedream team operates an integration platform that connects Workday services - and the apps of our external customers - to over 3,000 APIs. We build and maintain public-facing APIs, code execution environments, a high-volume event processing pipeline, and other complex services that power the platform. Our work sits at the intersection of scale and connectivity: every integration that runs on Pipedream depends on the reliability, performance, and security of the infrastructure we build. If you enjoy working on systems that thousands of developers rely on every day, and you want to see the direct impact of your contributions, this is a great team to be a part of. As Pipedream's first dedicated Security Engineer, you will own platform security end-to-end - tooling, process, threat modeling, and audits - while working hands-on in the codebase to find and fix vulnerabilities yourself. This is a deeply technical individual contributor role with broad scope. You will build a security function from scratch at a platform serving thousands of developers. In this role, you will be responsible for: Finding and patching vulnerabilities directly in code and dependencies. Pipedream runs a polyglot stack - TypeScript, Rust, Kotlin, Ruby, and more - so you will read and fix code across all of it. Building and maintaining the platform's threat model, and partnering with Product and Engineering to ship new features securely without slowing them down. Securing cloud infrastructure (AWS, GCP) and the third-party vendor surface (Redis, Datadog, and others). Leading incident response for critical security issues. Owning SOC 2, HIPAA, penetration tests, and other compliance work end-to-end. Partnering with Workday's security team to translate broader policy into something that fits Pipedream's stack and operations. About You