confluent - Staff Security Engineer II

• Partner closely with Engineering, Product, and Platform teams to identify security risks early, influence architectural decisions, and drive adoption of secure-by-design practices across the organization. • Define and standardize threat modeling frameworks and security design standards, and lead security design reviews for complex, distributed systems, providing actionable architectural guidance to engineers and product managers. • Serve as the subject matter expert (SME) for product security implementation reviews, overseeing security code reviews and API security testing while providing definitive remediation guidance. • Architect and drive the roadmap for security automation, building scalable software security tooling to transform product security operations and vulnerability management practices. • Design and lead the deployment of automation and orchestration frameworks that integrate security seamlessly into the cloud-native deployment pipeline. • Proactively identify new vulnerability classes, lead research initiatives and orchestrate complex table-top exercises to keep the organization ahead of the evolving threat landscape. • Strategically identify and deploy advanced technology controls to maximize observability and harden key attack surfaces across the ecosystem. • 10–12 years of hands-on Application Security experience, who can drive measurable security improvements across large-scale, distributed systems and global engineering organizations. • Comprehensive knowledge of security fundamentals as applied to modern web applications and cloud-native platforms including secure software design and architecture, secure coding practices, common vulnerability classes. • Ability to partner as a trusted peer with Engineering and Product leadership to embed security into the core architecture of the organization. • Ability to lead technical investigation and response to application security incidents while driving preventive improvements through architecture and automation. • Proven experience evolving the software development lifecycle to embed security by default, from securing CI/CD pipelines and build systems to implementing automated security guardrails in cloud-native deployment workflows. Passionate about applying AI and LLMs to automate complex security workflows, reduce manual toil, and drive measurable improvements in security outcomes. • Experience in Go, Python, or Java, with the ability to design and build scalable security automation frameworks. • Experience in leading cross-functional initiatives in distributed environments, translating security requirements into clear, executable technical roadmaps. • A data-driven decision-maker who can balance security requirements with business velocity and engineering trade-offs to deliver outcomes. • Ability to raise the organization’s security bar through architectural reviews, advanced technical guidance, and the development of engineers across all levels. • READY TO BUILD WHAT'S NEXT? LET’S GET IN MOTION. • COME AS YOU ARE • Belonging isn’t a perk here. It’s the baseline. We work across time zones and backgrounds, knowing the best ideas come from different perspectives. And we make space for everyone to lead, grow, and challenge what’s possible.