apollo-graphql - Staff Security Operations Engineer
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• Experienced in application security — familiar with OWASP, threat modeling, secure code review, and API security patterns • Comfortable contributing to or reviewing code, and knows how to work with developers in ways that actually improve security culture (not just file findings) • Has shipped developer-facing security tooling or guardrails — things engineers actually use • Skilled at both cloud security controls (AWS, GCP) and application-layer security — understands the full stack from infrastructure up through the API and application layer • Comfortable working directly with engineers to embed operational security practices into their workflows • Strong communicator who can explain threats and mitigations clearly to both technical and non-technical audiences • Excited about the intersection of AI and security, with ideas for how to safely harness AI while managing its risks • Motivated by outcomes - not just solving incidents, but building resilient systems and reducing risk at scale • 6+ years in security engineering, spanning both application security and security operations • Strong foundation in AppSec: threat modeling, SAST/DAST, dependency management, secure SDLC practices • Deep expertise with detection and response in cloud-native environments • Experience building and automating security tooling (scripting/programming language, SIEM, SOAR, or AppSec tooling) • Proven ability to partner with engineering teams to improve security posture with while minimizing the impact on delivery times • Track record of influencing security culture across an engineering organization • Strong knowledge of SOC 2, ISO 27001, or similar security frameworks • Proven ability to lead or coordinate incident response across multiple teams • Track record of influencing operational security culture and practices without direct authority • Experience working with AI security - either in detection, incident response, or product security contexts • Prior experience supporting enterprise customer audits or due diligence processes • Familiarity with Terraform, Kubernetes, or other modern infrastructure stacks • Hands-on experience with threat hunting and detection engineering • Experience securing GraphQL APIs, federation, or API gateway patterns • Familiarity with software supply chain security (SBOM, Sigstore, dependency auditing) • Prior work on security champions programs or developer security education
Responsibilities
• Partner with engineering teams to conduct threat modeling and security reviews on new features and architecture changes • Establish and evolve Apollo's application security program including SAST/DAST tooling, dependency scanning, and secure coding standards • Drive security requirements into the SDLC, embedding security gates into CI/CD pipelines • Identify and remediate vulnerabilities in Apollo's products and APIs, with a focus on reducing systemic risk rather than one-off fixes • Act as a security advisor for product teams building customer-facing features, particularly those involving authentication, authorization, and data handling • Advance Apollo’s detection and response strategy in partnership with engineering and IT leadership • Implement and maintain adherence to SOC 2 and other cloud security frameworks • Handle escalations from Sales and Customer Success • Build and tune monitoring, logging, and alerting systems to improve visibility while reducing noise • Drive automation of SecOps workflows to speed up investigation and response • Guide secure adoption of AI across Apollo - from internal use by engineers to AI-powered product features • Participate in our on-call rotation (we keep this lightweight and reasonable)
No credit card. Takes 10 seconds.