What you'd actually do

Lead and own ongoing operation and maintenance of Samsara’s threat modeling program, ensuring consistent execution of processes.

Assist in detecting, raising risks found within the Samsara ecosystem, and recommending best next steps while balancing business needs.

Work closely with the Vulnerability Technical Program Manager to generate and distribute monthly and quarterly compliance reports.

Collaborate with engineering teams to track and support the remediation of identified vulnerabilities, providing guidance on best practices.

Participate in security incident investigations related to high-profile vulnerabilities, helping gather data and assess potential impact on Samsara infrastructure.

Skills

Required

6+ years of relevant experience with demonstrated impact for application or product security and threat modeling in an enterprise environment.
Deep familiarity with OWASP Top Ten, the STRIDE threat modeling framework (or equal such as PASTA or DREAD), MITRE ATT&CK.
Defining and driving SDLC adoption with business focused engineers.
Experience managing Bug Bounty programs such as Bug Crowd.
Strong familiarity with common security vulnerabilities and the ability to judge their severity and impact on the business.
Experience coding with Python or GoLang.

Nice to have

Security certifications such as CISSP, AWS Certified Security Specialty, or equal.
Experience and knowledge of FedRAMP and other regulatory security requirements.
Experience with Semgrep or Wiz.

Who we are

Samsara (NYSE: IOT) is the pioneer of the Connected Operations™ Cloud, which is a platform that enables organizations that depend on physical operations to harness Internet of Things (IoT) data to develop actionable insights and improve their operations. At Samsara, we are helping improve the safety, efficiency and sustainability of the physical operations that power our global economy. Representing more than 40% of global GDP, these industries are the infrastructure of our planet, including agriculture, construction, field services, transportation, and manufacturing — and we are excited to help digitally transform their operations at scale.

Working at Samsara means you’ll help define the future of physical operations and be on a team that’s shaping an exciting array of product solutions, including Video-Based Safety, Vehicle Telematics, Apps and Driver Workflows, and Equipment Monitoring. As part of a recently public company, you’ll have the autonomy and support to make an impact as we build for the long term.

About the role:

We’re seeking a talented Senior Security Engineer with hands-on experience deploying, managing, leading and performing Threat Models In this role, you’ll work alongside technical product managers and engineers across the company to maintain Samsara’s security and de-risk software security concerns to better protect our customers.

We seek someone who is passionate about leveraging automation to enhance efficiency, is enthusiastic about working with infrastructure-as-code, and has a wealth of experience collaborating with teams to reduce software vulnerabilities. Your contributions will be critical to shaping our overall security and compliance strategy. At Samsara, we value working backwards from winning as an operating principle. Your ability to define success and work with cross-functional stakeholders by working backwards to reach that success is pivotal.

**This is a remote position open to candidates residing in the US except the San Francisco Bay Metro Area, NYC Metro Area, and Washington, D.C. Metro Area. You will be regularly working with UK and India team employees who are also on your team via Zoom during United States standard working hours. **

You should apply if:

You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, and countless opportunities to experiment and master your craft in a hyper-growth environment.
You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best.

In this role, you will:

Lead and own ongoing operation and maintenance of Samsara’s threat modeling program, ensuring consistent execution of processes.
Assist in detecting, raising risks found within the Samsara ecosystem, and recommending best next steps while balancing business needs.
Work closely with the Vulnerability Technical Program Manager to generate and distribute monthly and quarterly compliance reports.
Collaborate with engineering teams to track and support the remediation of identified vulnerabilities, providing guidance on best practices.
Participate in security incident investigations related to high-profile vulnerabilities, helping gather data and assess potential impact on Samsara infrastructure.
Contribute to documentation and process improvements to streamline risk management workflows.
Champion Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) in daily work.
Be regularly on call to support.

Minimum requirements for the role:

6+ years of relevant experience with demonstrated impact for application or product security and threat modeling in an enterprise environment.
Deep familiarity with OWASP Top Ten, the STRIDE threat modeling framework (or equal such as PASTA or DREAD), MITRE ATT&CK.
Defining and driving SDLC adoption with business focused engineers.
Experience managing Bug Bounty programs such as Bug Crowd.
Strong familiarity with common security vulnerabilities and the ability to judge their severity and impact on the business.
Experience coding with Python or GoLang.

An ideal candidate also has:

Security certifications such as CISSP, AWS Certified Security Specialty, or equal.
Experience and knowledge of FedRAMP and other regulatory security requirements.
Experience with Semgrep or Wiz.

The range of annual base salary for full-time employees for this position is below. Please note that base pay offered may vary depending on factors including your city of residence, job-related knowledge, skills, and experience. Learn more about our total rewards and benefits below.

Annual Base Salary

$157,675—$265,000 USD

Total Rewards

At Samsara, we build for the people who keep the global economy moving. We want owners, not passengers, which is why our rewards are designed to fuel high-impact builders. Our compensation program delivers above-market total compensation through a combination of base salary, performance-based bonus/variable pay, and equity (for eligible roles) in a high-growth public company. We meaningfully differentiate pay for our top performers, who have the opportunity to earn above-market compensation that can outpace the broader market over time.

Beyond compensation, we provide the foundations that enable long-term success: a flexible, employee-led remote model, a professional development stipend, comprehensive health and parental leave plans, and more. If you’re ready to build for the long term and own the outcome, your journey starts here.

**Flexible Working **

At Samsara, we embrace a flexible working model that caters to the diverse needs of our teams. Our offices are open for those who prefer to work in-person and we also support remote work where it aligns with our operational requirements. For certain positions, being close to one of our offices or within a specific geographic area is important to facilitate collaboration, access to resources, or alignment with our service regions. In these cases, the job description will clearly indicate any working location requirements. Our goal is to ensure that all members of our team can contribute effectively, whether they are working on-site, in a hybrid model, or fully remotely. All offers of employment are contingent upon an individual’s ability to secure and maintain the legal right to work at the company and in the specified work location, if applicable.

Belonging at Samsara

At Samsara, we welcome everyone regardless of their background. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender, gender identity, sexual orientation, protected veteran status, disability, age, and other characteristics protected by law. We depend on the unique approaches of our team members to help us solve complex problems and want to ensure that Samsara is a place where people from all backgrounds can make an impact.

**Accommodations **

Samsara is an inclusive work environment, and we are committed to ensuring equal opportunity in employment for qualified persons with disabilities. Please email accessibleinterviewing@samsara.com or click here if you require any reasonable accommodations throughout the recruiting process.

Our Commitment to Authenticity

We use Tofu, a fraud detection tool, to validate the authenticity of applications and protect against identity fraud. This ensures we are connecting with real people and allows us to prioritize genuine candidates. Please see Samsara’s Candidate Privacy Notice for more information.

Fraudulent Employment Offers

Samsara is aware of scams involving fake job interviews and offers. Please know we do not charge fees to applicants at any stage of the hiring process. Official communication about your application will only come from emails ending in @samsara.com, @us-greenhouse-mail.io or @mail3.guide.co. For more information regarding fraudulent employment offers, please visit our blog post here.