[Remote] Staff Security Engineer I
Note: This is a remote job open to candidates in the USA.

EDB provides a data and AI platform that empowers organizations to harness the full power of Postgres for various workloads. As a Staff Security Engineer, you will lead security initiatives, design architectures, and collaborate with engineering teams to ensure the security of EDB's products and infrastructure.

Responsibilities

- Lead cross-functional application security initiatives to identify, prioritize, and mitigate security risks across EDB's products
- Write and review code to build security automation and tooling that serves the full InfoSec organization, accelerating the team's ability to detect, respond, and remediate
- Build and orchestrate security agents, deploying AI-driven security tools that use LLMs and orchestration frameworks (LangChain) to automate threat modeling, alert triaging, and code analysis
- Partner with internal teams to implement security guardrails for internal AI applications, focusing on prompt injection mitigation, data leakage prevention, and secure architectures
- Integrate AI tools into the SDLC to perform automated architectural risk assessments and security reviews, and to identify vulnerabilities in generated code or toolsets
- Design and integrate complex security architectures across cloud and on-premise environments, strengthening EDB's overall defense posture against advanced threats
- Lead vulnerability disclosure investigations, coordinating with engineering teams to assess impact, validate findings, and drive timely remediation
- Embed security into the software development lifecycle through secure design reviews, code review, threat modeling, and ongoing partnership with engineering and product teams
- Build trust with development teams by meeting them where they are, respecting their workflows, and delivering clear guidance throughout implementation
- Deliver security solutions as minimum valuable products, starting with the smallest solution that provides the needed value and iterating over time as capacity allows
- Drive continuous improvement of security tooling, detection capabilities, and monitoring infrastructure

Skills

- A developer-centric background with demonstrated ability to write and review production-quality code in Python, Go, or a comparable language
- Hands-on LLM engineering, with proven experience working with LLM APIs (Anthropic Claude, OpenAI) and "AI-as-a-Service" kits to build functional internal tools or security automations
- Deep understanding of the OWASP Top 10 for LLMs, including risks such as prompt injection, insecure output handling, and training data poisoning
- Ability to craft complex, multi-shot prompts and system instructions so that AI security agents provide high-fidelity, low-noise results
- Proven experience leading cross-functional application security initiatives in complex, distributed environments
- Demonstrated experience leading vulnerability disclosure investigations, including impact assessment, coordination with engineering teams, and driving remediation. (You don't need to be able to write novel exploits; you need to assess risk and drive fixes.)
- Proven ability to build trust with development teams: reviewing their code, engaging in their design discussions, and partnering as a peer rather than a gatekeeper
- Strong communication skills, with the ability to influence cross-functional stakeholders, translate technical security concerns into business risks, and negotiate priorities with partner teams to get security initiatives onto shared roadmaps
- An empathetic, collaborative approach to working with partner teams, respecting their processes and assuming the best while still driving accountability for security outcomes
- Demonstrated ability to balance long-term security architecture initiatives with day-to-day operational security needs, delivering incremental value rather than waiting for large, all-at-once solutions
- An AI-first approach to problem solving and security, leveraging AI tools and techniques to accelerate delivery, automate security workflows, and enhance decision-making
- Interest in growing into a broader InfoSec role over time, taking on expanded scope and influence across the organization
- Familiarity with AI red teaming or using LLMs to simulate adversarial attack paths
- Experience with database security, particularly PostgreSQL or other relational database systems
- Knowledge of the MITRE ATT&CK framework, attack chains, and attack path mapping
- Experience developing and delivering security awareness training programs at an organizational level
- Experience writing and reviewing C
- Contributions to open-source AI security projects or frameworks
- Expertise in one or more compliance frameworks: SOC 2, PCI, HIPAA, FedRAMP (NIST SP 800-53), ISO 27001

Benefits

EDB is committed to supporting our employees' overall well-being by offering a range of benefits and resources to promote a healthy work-life balance and wellness.

- We provide access to CuraLinc to aid employees with health and wellness tips and practices
- Wellness Fridays extending to December 2026

Check out our career site for more information on perks and benefits, and reach out to our Talent Acquisition team for region-specific benefits.

Company Overview

EDB is the leading sovereign Postgres data and AI platform. It was founded in 2004 and is headquartered in Bedford, Massachusetts, USA, with a workforce of 501-1000 employees. Its website is https://www.enterprisedb.com.

Company H1B Sponsorship

EDB has a track record of offering H1B sponsorship, with 4 sponsorships in 2023 and 2 in 2022. Please note that this does not guarantee sponsorship for this specific role.