wagey.ggwagey.gg
Open Tech JobsCompaniesPricing
Log InGet Started Free
Jobs/Application Security Engineer Role/Application Security Engineer

Application Security Engineer

PostHogRemote - European Union1w ago
RemoteMidEMEACloud ComputingLogisticsApplication Security EngineerSupport EngineerMobile EngineerSupport SpecialistReportingAWSPrismaClose

Upload My Resume

Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT

Apply in One Click

Requirements

• We are looking for our first dedicated Incident Response Engineer to own detection, response, and cloud security at PostHog. • We need to fix that. We’re looking for someone to take the reins of our security operations, build out our detection pipelines, and ensure that when something goes bump in the night, we have the observability to know exactly what happened. This is a unique role as you’ll: • Build from Scratch: You aren't maintaining someone else's legacy SIEM. You are shaping the security team, culture and tooling for a high-growth, open-source company. • Build from Scratch: • Zero Bureaucracy: We hate meetings. We don't have "Security Committees." You have the autonomy to make changes and move fast. • Zero Bureaucracy: • Transparency: We work in the open. You’ll be able to see (and contribute to) how we handled past incidents, like this NPM package compromise. • Transparency: • Direct Impact: Your work directly protects the data of thousands of customers. When you improve our security posture, the whole company (and our community) feels it. • Direct Impact: • Cloud Native: You have 3-5+ years of experience in security engineering with a heavy focus on AWS. You know your way around IAM, VPC logs, and CloudTrail like the back of your hand. • Cloud Native: • Detection Specialist: You’ve used CSPM/CNAPP tools (like Wiz or Prisma) and, more importantly, you know how to build detection pipelines that engineers actually trust. • Detection Specialist: • Battle-Tested: You’ve led incident response before. You’re calm under pressure and know how to coordinate across teams to contain a threat. • Battle-Tested: • High Autonomy: We don’t have a security SOC. You’ll be building this function from scratch, so you need to be comfortable deciding what’s important and executing on it without a manual. • High Autonomy: • Engineering skills: You bring strong engineering experience and next to digging into code to understand an exploit or a vulnerability, you can write code with the same proficiency as our product engineers.Communication and attitude: As mentioned before we don't do "Security says no", we do "Security says 'here is how to do this safely.” This is crucial for us, we need people that want to enable engineers and work with them, not limit them. • Communication and attitude: • If you have a disability, please let us know if there's any way we can make the interview process better for you - we're happy to accommodate!

Responsibilities

• Triage and Tune: You’ll own our Wiz alerts. You’ll be responsible for turning "noise" into "actionable findings" and ensuring we aren't just staring at a dashboard of 1,000 "Critical" issues that don't actually matter. • Triage and Tune: • Incident detection, response: You’ll lead the charge on security incidents. Whether it’s a compromised NPM package or a suspicious IAM pattern, you’ll coordinate the response and lead the post-mortem. You’ll also help build our IR runbooks. • Incident detection, response: • Build Observability: You’ll build detection pipelines, and close our network-based observability gaps. We want to be able to trace suspicious activity all the way back to specific code paths. • Build Observability: • Threat Hunting: You’ll proactively hunt for threats in our AWS environment. You won't just wait for an alert; you'll define what "good" looks like and build the telemetry to prove it. • Threat Hunting: • The VDP: You’ll support our Vulnerability Disclosure Program, triaging reports from researchers and eventually transitioning us toward a formal bug bounty program. • The VDP: • Enable the Team: You’ll support our product squads with threat modeling and secure design reviews. We don't do "Security says no", we do "Security says 'here is how to do this safely.'" • Enable the Team: • Help build our security culture: Our engineers trust the security team and view security as an enabler. You’ll be a crucial part of helping to continue this excellent (and uncommon) working relationship. • Help build our security culture: • While this is not a Corporate security (MDM, endpoint, device trust) or Supply chain/CI-CD hardening role, in true PostHog style, there are opportunities to work on these as well

Similar Jobs

Senior Legal Counsel1h ago
omazeomaze·London·Equity
In OfficeEMEASeniorLegal CounselReportingBudget Management
Data Engineer (SQL, Databricks) (Remote, Full-Time) [AS213]1h ago
smart-working-solutionssmart-working-solutions·Remote - India
RemoteAPACData AnalyticsData EngineerSQLDatabricksPipeline ManagementApache SparkPythonReportingBusiness IntelligenceDocumentation
GIS Specialist1h ago
TerraformationTerraformation·Remote - USA·$70k – $90k/year + Equity
RemoteNAMidArtificial IntelligenceTechnical Support SpecialistPythonClaudeCursorDocumentationPostgreSQLTagalogLearning & DevelopmentProject PlanningReportingDAUDrone
SEO/GEO Consultant1h ago
DEPT®DEPT®·London, hybrid - Hybrid
In OfficeEMEAMidSEO SpecialistTravel AgentSEODigital MarketingGoogle SheetsExcelGoogle DocsGoogle SlidesLookerReporting
Director, Ceded Reinsurance1h ago
OpenlyOpenly·Remote - USA·$232k – $232k/year + Equity
RemoteNADirectorInsuranceDirector of SecurityTeam ManagementProgram ManagementReportingMBA

Stop filling. Start chilling.Start chilling.

Get Started Free

No credit card. Takes 10 seconds.

© 2026 Dominic Morris. All rights reserved.·Privacy·Terms·