[Remote] Senior Security Engineer
Note: The job is a remote job and is open to candidates in USA.

Sift is the AI-powered fraud platform securing digital trust for leading global businesses. As a Senior Security Engineer, you’ll design, implement, and operate security controls and tooling across Sift’s stack, working closely with various teams to secure systems end-to-end and mentor other engineers on secure practices.

Responsibilities

- Design and implement security controls and tooling across Sift’s infrastructure and applications (e.g., IAM policies, network controls, secrets management, endpoint protections, container and workload security)
- Embed with product and platform teams to perform security design reviews, threat modeling, and code or configuration reviews for new features and services
- Improve the secure SDLC by integrating AI-powered scanning tools, security scanning (SAST/DAST, dependency and container scanning) into CI/CD, and by developing guardrails, templates, and best practices for engineers
- Own or co‑own vulnerability management workflows, from discovery and triage through remediation, including defining SLAs, coordinating with service owners, and tracking closure
- Develop automation (scripts, services, integrations) to detect misconfigurations, anomalous activity, or policy violations, and to reduce manual operational work for the security team
- Participate in security incident response (on‑call rotation or escalation), including investigation, containment, root cause analysis, and long‑term fixes
- Contribute to security documentation and standards, ensuring we have clear, actionable guidance for engineers on topics like authentication, authorization, data encryption, and key management
- Support audits and assessments (e.g., SOC 2, customer security questionnaires) by providing technical details and evidence of control design and effectiveness
- Mentor other engineers on secure design and implementation practices through pairing, reviews, training sessions, and written guidance

Skills

- 5+ years of experience in security engineering, infrastructure engineering, or application security, ideally in a B2B SaaS or cloud‑native environment
- Hands‑on experience with at least one major public cloud platform (e.g., GCP, AWS), including IAM, networking, logging/monitoring, and security services
- Strong proficiency in at least one programming or scripting language (e.g., Python, Go, Java, or similar) and experience using code to automate security controls or detection
- Direct experience with AI/LLM-specific security risks (prompt injection, model supply chain, etc.)
- Demonstrated knowledge of secure application and system design, including topics like authentication/authorization, encryption in transit and at rest, least‑privilege access, and secrets management
- Experience with security tooling such as vulnerability scanners, SAST/DAST tools, SIEM/centralized logging, endpoint protection, or cloud security posture management
- Solid understanding of common vulnerabilities and attack patterns (e.g., OWASP Top 10, misconfigurations, supply‑chain risks) and how to mitigate them in practice
- Ability to work cross‑functionally with engineering, IT, and compliance/legal teams, and to translate security requirements into practical implementation details
- Clear written and verbal communication skills, including the ability to document designs and decisions and to educate others on security best practices
- A collaborative, pragmatic approach: you're comfortable making risk‑based decisions, proposing options, and supporting teams in implementing secure, scalable solutions

Benefits

- Offers Equity

Company Overview

Sift applies insights from a global network of data to detect fraud and increase positive user experience. It was founded in 2011, and is headquartered in San Francisco, California, USA, with a workforce of 201-500 employees. Its website is http://sift.com.

Company H1B Sponsorship

Sift has a track record of offering H1B sponsorships, with 3 in 2026, 12 in 2025, 10 in 2024, 12 in 2023, 16 in 2022, 13 in 2021, 13 in 2020. Please note that this does not guarantee sponsorship for this specific role.