Staff Security Engineer

🕒 il y a 1 mois

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

EDB

Site WebLinkedInTous les Emplois

501 - 1000 employés

Fondée en 2004

🏢 Entreprise

🤝 B2B

💰 Venture Round en 2019-10

Software • Enterprise • B2B

EDB est une entreprise spécialisée dans la fourniture de solutions logicielles avancées et de services pour la gestion de bases de données. Elle se spécialise dans PostgreSQL, un système de gestion de bases de données open-source, et aide les organisations à déployer, gérer et évoluer leur infrastructure de données de manière efficace et sécurisée. EDB offre des outils et un support pour l'optimisation des bases de données, la migration et l'amélioration des performances, ce qui en fait un partenaire précieux pour les entreprises cherchant à maximiser leurs capacités en matière de données.

Description

• Lead cross-functional application security initiatives to identify, prioritize, and mitigate security risks across EDB's products. • Write and review code to build security automation and tooling that serves the full InfoSec organization accelerating the team's ability to detect, respond, and remediate. • Build & orchestrate security agents deploying AI-driven security tools using LLMs and orchestration frameworks (LangChain) to automate threat modeling, alert triaging, and code analysis. • Partner with internal teams to implement security guardrails for internal AI applications, focusing on prompt injection mitigation, data leakage prevention, and secure architectures. • Integrate AI tools into the SDLC to perform automated architectural risk assessments, security reviews, and identify vulnerabilities in generated code or toolsets. • Design and integrate complex security architectures across cloud and on-premise environments, strengthening EDB's overall defense posture against advanced threats. • Lead vulnerability disclosure investigations, coordinating with engineering teams to assess impact, validate findings, and drive timely remediation. • Embed security into the software development lifecycle through secure design reviews, code review, threat modeling, and ongoing partnership with engineering and product teams. Build trust with development teams by meeting them where they are, respecting their workflows, and delivering clear guidance throughout implementation. • Deliver security solutions as minimum valuable products, starting with the smallest solution that provides the needed value and iterating over time as capacity allows. • Drive continuous improvement of security tooling, detection capabilities, and monitoring infrastructure.

🎯 Exigences

• A developer-centric background with demonstrated ability to write and review production-quality code in Python, Go, or a comparable language. • Hands-on LLM engineering with proven experience working with LLM APIs (Anthropic Claude, OpenAI) and 'AI-as-a-Service' kits to build functional internal tools or security automations. • Deep understanding of the OWASP Top 10 for LLMs, including risks like prompt injection, insecure output handling, and training data poisoning. • Ability to craft complex, multi-shot prompts and system instructions to ensure AI security agents provide high-fidelity, low-noise results. • Proven experience leading cross-functional application security initiatives in complex, distributed environments. • Demonstrated experience leading vulnerability disclosure investigations, including impact assessment, coordination with engineering teams, and driving remediation. (You don't need to be able to write novel exploits — you need to assess risk and drive fixes.) • Proven ability to build trust with development teams: reviewing their code, engaging in their design discussions, and partnering as a peer rather than a gatekeeper. • Strong communication skills with the ability to influence cross-functional stakeholders, translate technical security concerns into business risks, and negotiate priorities with partner teams to get security initiatives on shared roadmaps. • An empathetic, collaborative approach to working with partner teams, respecting their processes and assuming the best while still driving accountability for security outcomes. • Demonstrated ability to balance long-term security architecture initiatives with day-to-day operational security needs, delivering incremental value rather than waiting for large, all-at-once solutions. • An AI-first approach to problem solving and security, leveraging AI tools and techniques to accelerate delivery, automate security workflows, and enhance decision-making. • Interest in growing into a broader InfoSec role over time, taking on expanded scope and influence across the organization.

🏖️ Avantages

• We provide access to CuraLinc to aid employees in health and wellness tips and practices • Wellness Fridays extending to December 2026!