Senior Security Engineer

TL;DR

Senior Security Engineer (Cybersecurity): Leading secure design, architecture review, and threat modeling for applications and cloud infrastructure with an accent on developing and applying security controls and automating security workflows. Focus on embedding security early in application and infrastructure lifecycles, and staying current on emerging threats and AWS service changes.

Location: Remote-first role based in the U.S. Team members are expected to attend multiple company-wide and team-specific onsites throughout the year.

Company

hirify.global is the world's leading fundraising platform for non-profit educational institutions, trusted by 1,300+ colleges, universities, and K-12 schools.

What you will do

• Lead secure design, architecture review, and threat modeling for applications including web services, APIs, microservices, and mobile.
• Lead secure design and review for infrastructure and cloud, covering AWS VPCs, IAM, compute/storage services, and infrastructure-as-code (IaC).
• Develop and apply application security controls such as code review guidance, static/dynamic analysis, and penetration testing.
• Develop and apply cloud infrastructure security controls like guardrails for IaC templates, drift detection, and logging/monitoring.
• Automate security workflows across app and infra domains, building tooling and integrating into CI/CD pipelines.
• Collaborate closely with DevOps/SRE/CloudOps/Architecture teams to embed security early in lifecycles.

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or related field, or equivalent work experience.
• 10+ years of hands-on experience in application security and/or infrastructure/cloud security, preferably covering both.
• Strong practical experience securing applications (threat modeling, secure design, code review, pen testing) and cloud infrastructure (VPCs, compute/storage, IAM, networking).
• Proven experience in AWS: securing AWS services such as EC2, Lambda, EKS, S3, RDS, VPC, and IAM.
• Experience with infrastructure-as-code (IaC) tools (Terraform, CloudFormation), security automation, and embedding security into deployment pipelines.
• Deep understanding of networking/security fundamentals: TCP/IP, HTTP/S, DNS, routing, firewalls, segmentation, and zero-trust.
• Strong scripting/automation skills in one or more languages (e.g., Python, Go, JavaScript/TypeScript) for building security tooling.
• Excellent communication skills for influencing across teams and conveying complex security topics.

Nice to have

• Security certifications such as CEH.

Culture & Benefits

• Purpose-driven team focused on advancing the quality, affordability, and accessibility of education.
• Flexible, distributed work environment with a remote-first approach for team members located across the US.
• Opportunity to use a 12,000 sq ft office in Washington, DC, and attend regular team meet-ups, events, and retreats.
• Commitment to fostering an environment of support, inclusivity, and learning.
• Company listed on Y Combinator's Top Companies and Inc. 5000 lists.