View All Jobs 127641

Senior Security Engineer

Establish ngrok's security program and build developer-facing security tooling
RemoteSan Francisco Bay Area
Senior
$215,280 – 286,000 USD / year
yesterday
ngrok

ngrok

Provides secure, developer-friendly tunneling and ingress services to expose local applications to the internet for testing and deployment.
2 Similar Jobs at ngrok

Senior Security Engineer

ngrok is an all-in-one cloud networking platform that secures, transforms, and routes traffic to services running anywhere. Instead of cobbling together nginx, NLBs, VPNs, model routers, and oodles of other tools, developers solve every networking problem with one gateway. Doesn't matter if they're sharing localhost or running AI workloads in production.

We're trusted by more than 9 million developers at companies like GitHub, Okta, HashiCorp, and Twilio. What started as a way to put your local app on a public URL has grown into a universal gateway for API delivery, AI inference, device fleets, and site-to-site connectivity. It's the same ngrok that millions of developers have loved and leaned on every day for years, now with the power to run production traffic at scale.

Still reading? Good. There's more below worth your time.

About the Security Team

Security at ngrok is being built from the ground up, and this role is the foundation. ngrok sits at a uniquely sensitive position in the internet stack: traffic flows through us, and the developers and companies who rely on us trust us with that. As our first dedicated Security Engineer, you won't be inheriting a sprawling program or a backlog of someone else's decisions. You'll be defining how security works here — partnering closely with engineering, infrastructure, and leadership to build automated guardrails, opinionated defaults, and self-service tooling that scale with the team rather than slow it down. The threat landscape is shifting fast, and we want a security posture we're proud to stand behind.

What You'll Actually Do

  • Audit the current state of security tooling, pipeline coverage, cloud posture, and detection capabilities, and turn that into a prioritized security roadmap tied to ngrok's business objectives
  • Ship developer-facing security tooling: automated checks in CI/CD, secrets scanning, dependency vulnerability tracking, and secure-by-default libraries that make the right choice the easy choice
  • Run a structured risk assessment across product and infrastructure to document what we know, what we don't, and what needs to change
  • Establish guardrails for how we use AI in our engineering pipeline — policies and tooling that let us move fast without introducing new risk classes
  • Stand up baseline detection and response: log coverage, alerting, and a documented incident response process
  • Own the security engineering program end-to-end over time — clear ownership, documented controls, meaningful metrics, and an internal security platform (reusable libraries, self-service tooling, automation) that reduces the security burden on every engineer

You Might Be a Great Fit If…

  • You've worked in a security engineering role where you shipped tooling, built automation, or owned security infrastructure — not just reviewed it
  • You have strong engineering fundamentals and are comfortable writing quality code in Go or Java, Rust, C, C++
  • You know how to integrate security checks into CI/CD pipelines without slowing teams down
  • You have hands-on experience with cloud security, particularly AWS (IAM, VPC, CloudTrail, GuardDuty)
  • You understand AI/ML security risks like prompt injection, insecure code generation, and LLM-assisted attack vectors
  • Bonus Points:
    • You've built internal security platforms or developer-facing security tooling
    • You've done detection engineering — writing detection rules, tuning signals, reducing alert fatigue
    • You've secured networking or developer infrastructure products

Tech Stack

ngrok runs entirely on AWS. Engineers develop by using remote development tools and/or ssh to connect to remote EC2 environments that run a full Kubernetes cluster of the ngrok stack, closely mirroring production. The codebase is primarily Go and TypeScript. We use Postgres for persistence, Kafka for streaming, Protobuf for service boundaries, and Kubernetes, Terraform, Helm, and Buildkite to operate and ship reliably. React is used for user interfaces, and GitHub supports our development workflows and remembers everything.

Location

This is a remote position for candidates outside of the Bay Area and a hybrid role for candidates within commuting distance to San Francisco. Our Bay Area employees commute to the office on Tuesdays and Wednesdays.

Sponsorship

All candidates must be US-based, and legally authorized to work in the United States.

At this time, ngrok is unable to provide visa sponsorship for this position. Applicants must be authorized to work in the United States on a permanent, ongoing basis without the need for current or future sponsorship.

Compensation

Job level and actual compensation will be evaluated based on factors including, but not limited to, qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), internal equity with other team members, market data, and specific work location.

  • Tier 1 (SF, LA, Seattle, NYC): $234,000 – $286,000
  • Tier 2 (rest of US): $215,280 – $263,120

Full Time Employee Benefits

  • Health stuff that actually matters. Full premiums covered on base healthcare, dental, and vision for you. Half covered for your dependents. Mental health and well-being support included, because taking care of your brain is as important as taking care of your teeth.
  • Retirement matching that doesn't suck. 401(k) with 100% match up to 3% of your salary and 50% match up to another 2%. Future you will appreciate present you.
  • Actually flexible time off. We say "open, flexible vacation policy" and actually mean it. Take the time you need. Your manager will bug you if you're not taking enough.
  • Parental leave that's realistic. Up to 16 weeks if you give birth, up to 8 weeks for new parents (birth, adoption, fostering—however your family grows).
  • Money to keep growing. Annual professional development budget for books, courses, conferences, or whatever helps you level up. Plus an annual home office/desk stipend to make your workspace not terrible.
  • Work from wherever. Co-working space stipend if you want to get out of your house but aren't near our SF office.
  • Lunch on us. 2x+ per week for employees onsite at our San Francisco office. Free food tastes better.
  • Company offsites. Twice a year we get the whole team together. It's part strategy, part bonding, part excuse to hang out with Bufo (the toad).
  • Regular feedback and fair compensation. Bi-annual reviews to make sure you're getting real feedback and staying competitively compensated. No surprises, no waiting around for performance conversations.
+ Show Original Job Post
Suggest a correction
























Senior Security Engineer
RemoteSan Francisco Bay Area
$215,280 – 286,000 USD / year
Engineering
Apply to job
About ngrok
Provides secure, developer-friendly tunneling and ingress services to expose local applications to the internet for testing and deployment.