What you'd actually do

Design, build, and operate authentication and authorization systems that work at Gusto scale.

Strengthen core services and data protections, including access control, storage, and APIs.

Detect and mitigate account takeover and other abuse, improving safety for our customers.

Build security platforms and tooling that help product and AI teams move quickly and safely.

Own and improve high-availability security and identity services that other teams depend on.

Tackle ambiguous AI/LLM security problems from threat modeling to practical mitigations.

Provide leadership in promoting security and software engineering excellence.

Skills

Required

backend software engineering skills
building and operating high-availability services at scale
partner cross-functionally and communicate technical tradeoffs clearly
genuine interest and desire to grow within the security domain

Nice to have

authorization platforms/policy engines
GraphQL
gRPC
Kubernetes
Terraform
Traefik
Flask
Okta
authentication and authorization
SAML/SSO
RBAC
ABAC
access control
abuse detection
data protection
security tooling or platforms

About Gusto

At Gusto, we're on a mission to grow the small business economy. We handle the hard stuff — payroll, health insurance, 401(k)s, and HR — so owners can focus on their craft and their customers. With teams in Denver, San Francisco, and New York, we support more than 500,000 small businesses nationwide and are building a workplace that reflects the people we serve.

All full-time employees receive competitive base pay, benefits, and equity (RSUs) — because everyone who helps build Gusto should share in its success. Offer amounts are determined by role, level, and location. Learn more about ourTotal Rewards philosophy.

AI is a fundamental part of how work gets done at Gusto. We expect all team members to actively engage with AI tools relevant to their role and grow their fluency as the technology evolves. AI experience requirements vary by role and will be assessed during the interview process.

About the Role:

We’re hiring two Staff Engineers for our Product & AI Security Engineering team. You’ll own and evolve the security foundations behind Gusto’s products and AI/LLM experiences—from authentication and authorization at scale to securing core services and data.You'll define and own security architecture and standards across Gusto's products and AI/LLM experiences — setting the direction for authentication, authorization, and safe data handling, and building the platforms and guardrails that other teams rely on.

About the Team:

The Product & AI Security Engineering team sits at the intersection of product, platform, and AI at Gusto. We prioritize high‑leverage projects that reduce risk, harden our foundations, and unlock faster delivery for other teams. We build security tools and services, embed with partner teams when needed, and set best practices for authentication, authorization, and safe data handling—especially as we adopt AI and LLMs.

Here’s what you’ll do day-to-day:

Design, build, and operate authentication and authorization systems that work at Gusto scale.
Strengthen core services and data protections, including access control, storage, and APIs.
Detect and mitigate account takeover and other abuse, improving safety for our customers.
Build security platforms and tooling that help product and AI teams move quickly and safely.
Own and improve high-availability security and identity services that other teams depend on.
Tackle ambiguous AI/LLM security problems from threat modeling to practical mitigations.
Provide leadership in promoting security and software engineering excellence.

Here’s what we're looking for:

10+ years of experience as a backend engineer, building and operating large-scale server-side services and APIs
Proven track record building secure, highly available distributed systems and services.
Hands-on experience with modern security tooling and practices (e.g., SAST, DAST, SIEM, SCA).
Proficiency in one or more of: Ruby, Python, Kotlin, JavaScript/TypeScript
Experience with AI tools for coding (ex: Cloud Code, Cursor, Github Copilot)
Strong collaboration skills and comfort breaking down complex, cross‑cutting security and AI problems into clear, practical solutions.

Required:

Strong backend software engineering skills — you write clean, scalable, well-tested code
Experience building and operating high-availability services at scale
Ability to partner cross-functionally and communicate technical tradeoffs clearly
Genuine interest and desire to grow within the security domain — you don't need to have worked in security before, but you're excited to get started.

Nice to have:

Experience with authorization platforms/policy engines (e.g., Open Policy Agent, SpiceDB) and technologies like GraphQL, gRPC, Kubernetes, Terraform, Traefik, Flask, Okta.
Experience with authentication and authorization, such as SAML/SSO, RBAC, and ABAC.
Familiarity with security concepts like access control, abuse detection, or data protection
Prior work on security tooling or platforms

Our cash compensation amount for this role is targeted at $218,94-260,000 in the San Francisco Bay Area. Stock equity is additional. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed above.

Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days approximately **2-3 days **per week (or more depending on role). The same office expectations apply to all Symmetry roles, Gusto's subsidiary, whose physical office is in Scottsdale.

Note: The San Francisco office expectations encompass both the San Francisco and San Jose metro areas.

When approved to work from a location other than a Gusto office, a secure, reliable, and consistent internet connection is required. This includes non-office days for hybrid employees.

Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.

Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. We want to see our candidates perform to the best of their ability. If you require a medical or religious accommodation at any time throughout your candidate journey, please fill out this form and a member of our team will get in touch with you.

Gusto takes security and protection of your personal information very seriously. Please review our Fraudulent Activity Disclaimer.

Personal information collected and processed as part of your Gusto application will be subject to Gusto's Applicant Privacy Notice.