We're looking for a hands-on engineer who lives at the intersection of offensive security and backend development. You'll break things, lock them down, and build them — owning security from how we write APIs to how we control who accesses what. This is a hybrid role for someone who genuinely enjoys wearing all three hats. If you're equally comfortable writing a Burp Suite report and shipping a production service, read on.
What you'll do – Plan and execute penetration tests across web apps, APIs, and internal infrastructure; document findings and drive remediation
– Design and manage our identity and access management (IAM) — RBAC, SSO, least-privilege policies, secrets management, and access reviews
– Build and maintain secure backend services and APIs (authn/authz, input validation, secure data handling)
– Embed security into the SDLC: threat modeling, code reviews, and CI/CD security checks
– Respond to security incidents and help mature our overall security posture