Senior/staff Security Engineer

EvenUp EvenUp · Vertical AI · San Francisco, CA · Hybrid · Engineering

Senior/Staff Security Engineer at a fast-growing vertical SaaS company using AI for document generation. The role focuses on setting security strategy, risk management, code/network security, incident response, compliance, and continuous monitoring, with a specific emphasis on AI-specific threats.

What you'd actually do

  1. Identify and address security risks through comprehensive assessments, mitigation strategies, and execution.
  2. Ensure secure coding and implement systems to protect against unauthorized access and data breaches.
  3. Develop and execute incident response plans, conduct forensic analysis, and take preventive measures.
  4. Maintain compliance with regulations and industry standards, promote transparency, and address ethical concerns.
  5. Establish real-time monitoring systems, conduct regular assessments, and proactively respond to threats.

Skills

Required

  • 5+ years in a security-focused engineering role
  • Hands-on technical architecture, implementation, and oversight experience
  • Expertise in SAST/DAST, application security, and CI/CD pipeline integration
  • Deep knowledge of AI-specific threats
  • Experience implementing security principles, operating system and web application security
  • Familiarity with the OWASP Top 10 and common threat tactics
  • Knowledge of next-generation security technologies (SASE, CASB, RASP)
  • Hands-on experience with patch management, software supply chain security, and artifact repositories
  • Strong programming or scripting skills in at least one language (e.g., Python, Ruby, Node.js)
  • Relevant cybersecurity certification (CISSP, CISM, CISA, CRISC, GIAC, etc.)
  • Up-to-date on technology and vulnerability trends
  • Ability to secure cloud computing applications and ecosystems
  • Application/infrastructure-level security design experience
  • Modern mitigation techniques (e.g., DNS-SEC, cryptographic fundamentals)
  • Strong automation skills with Python

Nice to have

  • Experience building or scaling a security function

What the JD emphasized

  • Deep knowledge of AI-specific threats (prompt injection, model poisoning, membership inference, adversarial perturbation, output manipulation)
  • Proven security experience at a startup or high-growth company - you've built or scaled a security function before, not just maintained one.