Senior Security Engineer

Senior Security Engineer

Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world's data, and because of this, we live and breathe security. We value learning at our core, underpinned by openness and transparency.

Since 2011, organizations have trusted us to provide them with a complete, market-leading security platform built on a modern cloud stack. Our industry-leading suite of products radically simplifies data security through easy-to-use, cloud-based, Zero Trust solutions that are managed in a single dashboard, powered by hundreds of employees across the world. With offices in Santa Clara, Aylesbury, Paderborn, Bengaluru, Sydney, Tokyo and more, our employees are the heart and soul of our company.

Skyhigh Security Is more than a company; here, when you invest your career with us, we commit to investing in you. We embrace a hybrid work model, creating the flexibility and freedom you need from your work environment to reach your potential. From our employee recognition program, to our 'Blast Talks' learning series, and team celebrations (we love to have fun!), we strive to be an interactive and engaging place where you can be your authentic self.

The Senior Security Engineer is responsible for the secure design, development, and operation of Skyhigh products and services. This role involves a mix of proactive security design, vulnerability management, and incident response, with a strong focus on maintaining and enforcing compliance standards. You will be a key contributor to our security posture, working closely with cross-functional teams to embed security best practices throughout the entire development lifecycle.

Responsibilities:

• As our Senior Security Engineer you'll play a pivotal role in architecting and securing our entire software ecosystem. You'll partner with engineering teams across the organization, influencing the design and development of our products to ensure they are secure by default.
• You'll be a key driver in maintaining our coveted security certifications, ensuring our platform adheres to stringent standards like FedRAMP and SOC 2.
• This is a high-impact, proactive role that goes beyond just finding flaws. You'll be instrumental in building security into our development process, from threat modeling and secure design to managing our vulnerability remediation lifecycle.
• You'll serve as a trusted advisor and subject matter expert, working collaboratively with all engineering teams to cultivate a robust security culture and empower them with the knowledge and tools to write secure code.

Qualifications:

• 5 to 8 years of expertise in application security principles, methodologies, and common attack vectors (e.g., OWASP Top 10). You have hands-on experience with a variety of security tools for static and dynamic analysis (SAST/DAST) and vulnerability management.
• Passionate about DevSecOps and skilled in automating security tasks, integrating tools into CI/CD pipelines, and developing security policies for Infrastructure as Code (IaC).
• Natural problem-solver with a knack for incident detection, triage, and root cause analysis. You can provide practical, effective remediation plans for security issues across the stack.
• Excellent communicator who can influence and guide engineers and leadership without direct authority. You enjoy educating others and serving as a subject matter expert to build a strong security culture.

We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

• Retirement Plans
• Medical, Dental and Vision Coverage
• Paid Time Off
• Paid Parental Leave
• Support for Community Involvement

We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.