[Remote] Staff Security Engineer
Note: The job is a remote job and is open to candidates in USA. Assured is on a mission to modernize insurance by providing large insurers with software solutions to enhance claims processing. They are seeking a Staff Security Engineer to scale and mature security across their platform, partnering with engineering, infrastructure, and product teams to embed security in their software development processes.ResponsibilitiesLead security architecture and design reviews across applications, infrastructure, and integrations to ensure secure patterns are embedded early in the development lifecycleConduct and coordinate penetration testing, threat modeling, and security reviews for critical services, new features, and third-party integrationsDesign and implement security automation within CI/CD pipelines to ensure secure coding practices and infrastructure policies are enforced at scalePartner with infrastructure and DevOps teams to secure cloud platforms (AWS) and improve identity, network, and workload securityBuild security observability and detection capabilities, including security data pipelines, SIEM integrations, and threat intelligence signalsThink like an attacker—identify systemic weaknesses and design controls that protect against entire classes of attacks, not just individual vulnerabilitiesWork closely with developers to improve security practices through secure architecture guidance, code review support, and developer enablementLead incident response investigations and help build processes for identifying, analyzing, and mitigating security incidentsOwn and evolve the bug bounty program, including triage, response processes, and improvements to vulnerability management workflowsDevelop security standards, playbooks, and training programs that make security practices easier for engineering teams to adoptHelp define the security roadmap, identifying initiatives that improve both risk posture and operational efficiencySkillsDeep understanding of application security, cloud security, and modern threat landscapes, including common vulnerabilities and attack techniques (OWASP Top 10, MITRE ATT&CK, etc.)Strong software engineering background with experience writing production-grade code or automation (Python, Typescript, or similar)Hands-on experience securing cloud-native infrastructure, especially AWS, including IAM, networking, and containerized workloadsExperience building or integrating DevSecOps pipelines, including SAST, DAST, IaC scanning, and container security toolingExperience designing security telemetry pipelines using tools such as SIEM platforms, observability systems, or data lakesExperience running or participating in penetration testing, threat modeling, or architectural security reviewsProven ability to collaborate effectively with engineering, DevOps, and product teams to drive secure design decisionsExcellent communication skills and the ability to clearly explain complex security risks and trade-offs to both technical and non-technical stakeholdersStrong understanding of SaaS architectures, distributed systems, and internet-facing platformsExperience developing security frameworks aligned with CIS benchmarks, NIST, or SOC2 / PCI / HIPAA compliance requirementsExperience building security detections, threat intelligence pipelines, or runtime protection mechanismsHands-on experience with Kubernetes, container security, and infrastructure-as-code (Terraform, Ansible)BenefitsCompetitive salary and equity packages for all employeesPlatinum medical, dental, and visionFree life insurance: Including long-term disability & short-term disabilityUnlimited PTO: Uncapped vacation days & paid holidaysFamily Leave: Maternity & paternity401(k) Contribution: Assured contributes 3% of your income, even if you don't contributeWFH Benefits: Lunch on us 2x/week, monthly phone stipend & other home office perksHealth FSAs & HSAs: Pre-tax accounts for out-of-pocket medical expensesTeam events & Offsites: We're remote, but we regularly get togetherCompany Overview**We have been made aware of individuals falsely posing as recruiters from Assured Insurance Technologies Inc. It was founded in 2019, and is headquartered in Palo Alto, California, USA, with a workforce of 51-200 employees. Its website is https://www.assured.com/.