Strike - Software Security Engineer
Upload My Resume
Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT
Requirements
• Strong Engineering Background: Proven experience as a software engineer building and shipping production systems (backend, infrastructure, or platform preferred). Ability to write production-quality code, not just scripts. • Cloud & Infrastructure Experience: Experience designing, deploying, and operating systems in Google Cloud Platform (GCP) and Kubernetes environments. • Code Review & System Understanding: Ability to deeply understand production codebases, perform high-quality code reviews, and assess real-world exploitability of issues. • Security Engineering Mindset: Ability to reason about threats and security tradeoffs in real systems, not just identify vulnerabilities. Strong understanding of how systems fail and how they can be abused. • Technical Proficiencies - Hands-on experience with: • SIEM systems (building detections and workflows) • Terraform or infrastructure-as-code • Firewall / Web Application Firewall (WAF) configuration • What this role is NOT • This is not a penetration testing or red team role • This is not focused on running scanners or producing reports • This is a hands-on engineering role working directly in codebases and systems
Responsibilities
• Embedded Engineering & Collaboration: Function as part of the engineering team by participating in RFCs, PRDs, code reviews, and project planning. Contribute directly to system design with a focus on secure architecture and implementation. • Secure System Design & Threat Modeling: Apply adversarial thinking to design and review systems with security implications (e.g., identity systems, authentication flows, APIs), ensuring security is built into implementations from the start. • Vulnerability Remediation (Code-Level): Take ownership of vulnerabilities in application code — triaging, fixing, and partnering with engineers to remediate issues in production systems. • Infrastructure & Security Tooling: Own and build security controls such as Cloudflare configurations and WAF rules. Integrate security tooling into CI/CD pipelines and developer workflows to enable secure-by-default engineering. • Detection & Response Engineering (SIEM): Design and implement alerting rules, detection logic, and incident response workflows within our SIEM, treating detection as an engineering problem. • Security Capability Building: Define ownership and build scalable security capabilities across teams. Enable engineers to take on security responsibilities rather than centralizing all security work.
Benefits
• Equity in a high-growth startup • Health, dental, and vision insurance premium contributions; short & long-term disability insurance and basic life insurance • Cell phone and internet reimbursement • Flexible PTO, sick leave & parental leave • Access to a company 401k plan
No credit card. Takes 10 seconds.