Software Security Engineer

Role:

We are seeking a Security Software Engineer functioning as the bridge between our security and engineering teams.

This is a hands-on engineering role, not a penetration testing or audit position. You will write code, review production systems, and build and manage security controls in our infrastructure and applications.

You will operate as an engineer first — applying adversarial thinking to real systems, services, and developer workflows — ensuring security is built into how we ship, not reviewed after the fact.

Security is not a final checkpoint but a foundational part of how we build. The role reports into the Strike CISO.

This position is open to candidates based in the US or Europe.

Key Responsibilities

• Embedded Engineering & Collaboration: Function as part of the engineering team by participating in RFCs, PRDs, code reviews, and project planning. Contribute directly to system design with a focus on secure architecture and implementation.
• Secure System Design & Threat Modeling: Apply adversarial thinking to design and review systems with security implications (e.g., identity systems, authentication flows, APIs), ensuring security is built into implementations from the start.
• Vulnerability Remediation (Code-Level): Take ownership of vulnerabilities in application code — triaging, fixing, and partnering with engineers to remediate issues in production systems.
• Infrastructure & Security Tooling: Own and build security controls such as Cloudflare configurations and WAF rules. Integrate security tooling into CI/CD pipelines and developer workflows to enable secure-by-default engineering.
• Detection & Response Engineering (SIEM): Design and implement alerting rules, detection logic, and incident response workflows within our SIEM, treating detection as an engineering problem.
• Security Capability Building: Define ownership and build scalable security capabilities across teams. Enable engineers to take on security responsibilities rather than centralizing all security work.

Required Qualifications & Experience

• Strong Engineering Background: Proven experience as a software engineer building and shipping production systems (backend, infrastructure, or platform preferred). Ability to write production-quality code, not just scripts.
• Cloud & Infrastructure Experience: Experience designing, deploying, and operating systems in Google Cloud Platform (GCP) and Kubernetes environments.
• Code Review & System Understanding: Ability to deeply understand production codebases, perform high-quality code reviews, and assess real-world exploitability of issues.
• Security Engineering Mindset: Ability to reason about threats and security tradeoffs in real systems, not just identify vulnerabilities. Strong understanding of how systems fail and how they can be abused.
• Technical Proficiencies - Hands-on experience with:
  • SIEM systems (building detections and workflows)
  • Terraform or infrastructure-as-code
  • Firewall / Web Application Firewall (WAF) configuration

What this role is NOT

• This is not a penetration testing or red team role
• This is not focused on running scanners or producing reports
• This is a hands-on engineering role